我试图在apache tomcat 9.0.2中禁用TLS 1.0,但该属性从未被采用
以下是错误
20-Feb-2019 22:51:40.913 WARNING [main] org.apache.catalina.startup.SetAllPropertiesRule.begin [SetAllPropertiesRule] {Server / Service / Connector / SSLHostConfig / Certificate}将属性'sslProtocol'设置为'TLSv1.1, TLSv1.2'找不到匹配的属性。 20-Feb-2019 22:51:40.914 WARNING [main] org.apache.catalina.startup.SetAllPropertiesRule.begin [SetAllPropertiesRule] {Server / Service / Connector / SSLHostConfig / Certificate}将属性'sslEnabledProtocols'设置为'TLSv1.1, TLSv1.2'找不到匹配的属性。
Server.XML配置文件
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="/opt/certs/newtomcatcert/hello.gi.com.jks"
certificateKeystorePassword="########*"
type="RSA" sslProtocol="TLSv1.1,TLSv1.2"
sslEnabledProtocols="TLSv1.1,TLSv1.2" />
</SSLHostConfig>
</Connector>
-->
nmap结果
启动Nmap 5.51(http://nmap.org)于2019-03-04 19:54 EST Nmap扫描报告为hello.gi.com(10.10.100.71)主机启动(延迟0.0013秒)。 PORT STATE SERVICE 443 / tcp open https | ssl-enum-ciphers:| TLSv1.0 |密码(4)| TLS_DHE_RSA_WITH_AES_128_CBC_SHA | TLS_DHE_RSA_WITH_AES_256_CBC_SHA | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |压缩机(3)|未压缩的未压缩的未压缩的TLSv1.1 |密码(4)| TLS_DHE_RSA_WITH_AES_128_CBC_SHA | TLS_DHE_RSA_WITH_AES_256_CBC_SHA | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |压缩机(3)|未压缩的未压缩的| _未压缩的MAC地址:00:50:56:A4:E0:AE(VMware)
完成Nmap:在1.29秒内扫描1个IP地址(1个主机)
最后它结果是一种语法
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig protocols="TLSv1.1,TLSv1.2">
<Certificate certificateKeystoreFile="/opt/certs/newtomcatcert/hello.gi.com.jks"
certificateKeystorePassword="########*"
type="RSA" />
</SSLHostConfig>
</Connector>