Re: [PROPOSAL] Change default SSLHostConfig.protocols

2021-01-13 Thread Mark Thomas
On 12/01/2021 19:31, Christopher Schultz wrote:
> All,
>
> For Tomcat 10 (only), I propose we change the default SSLHostConfig
> protocols attribute from the current "SSLv2Hello, TLSv1, TLSv1.1,
> TLSv1.2, TLSv1.3" to "SSLv2Hello, TLSv1.2, TLSv1.3".
>
> (That is, remove TLSv1 and TLSv1.1 from the

[PROPOSAL] Change default SSLHostConfig.protocols

2021-01-12 Thread Christopher Schultz
All,

For Tomcat 10 (only), I propose we change the default SSLHostConfig protocols attribute from the current "SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3" to "SSLv2Hello, TLSv1.2, TLSv1.3".

(That is, remove TLSv1 and TLSv1.1 from the default list.)

Any objections?

-chris