The setup works fine for us using HTTP/1.1 and TLSv1.2 but we now want to use HTTP/2 and TLSv1.3. One of our applications runs on Tomcat 9.0 on Windows with Java 8. References: I have used the following threads to get an understanding of TLS support. TL;DR: How can we configure Tomcat running on Windows with Java 8 to support both TLSv1.3 and HTTP/2?

You may test it out using the free service

That's it! Now restart the machine and your Ubuntu 20 should support TLS 1.1 and TLS 1.0.

Go all the way to the last line of openssl.cnf and add the following

# X.509v3 extensions in its main section.) # (Alternatively, use a configuration file that has only # "openssl x509" utility, name here the section containing the # To use this configuration file with the "-extfile" option of the # This definition stops the following lines choking if HOME isn't

At the top of the file, add the line openssl_conf = default_conf.

Open the file /etc/ssl/openssl.cnf in the editor.

In /etc/apache2/mods-available/ssl.conf, make sure to have the following line

SSLProtocol all -SSLv3

Along with this, I have different values for SSLCipherSuite on two different servers but it works on both servers so I assume that no change is needed for the SSLCipherSuite key in the ssl.conf file.

You must verify and/or change for ALL virtual servers. Now go through each virtual server conf file /etc/apache2/sites-available/YOUR_VIRTUAL_nf to make sure the following line exists within section (and not SOME_IP_ADDRESS: 80) section. Also note that I have added at the end of the line. It is the same as what we have done using the UI in the earlier step.

For SSLCipherSuite, I have used site to generate Apache Cipher with "Old" configuration. SSLCipherSuite above line, we are instructing Apache to enable all protocols except SSLv2 and SSLv3. If you see SSLProtocol and/or SSLCipherSuite, replace those lines with the following.
Go to Webmin > Servers > Apache Webserver > Global configuration tab > Edit Config Files > select etc/apache2/nf

Make sure you follow the above steps for ALL SSL enabled virtual servers because SSL settings across different virtual servers are somehow affecting the entire Apache server. Go to Webmin > Servers > Apache Webserver > Existing virtual hosts tab > YOUR_VIRTUAL_SERVER:443 > SSL Options > SSL protocols > Tick TLS v1.0, 1.1, 1.2, 1.3 and Untick SSLv2 and SSLv3.

Enable Older TLS Version Using Webmin

Enabled TLS 1.0 and 1.1 from Webmin UI. After researching for days and reading lots of threads, here are the things that worked for me. Enabling an older TLS version is not a straightforward path.

It seems like Windows 7 can work only using TLS 1.1 or TLS 1.0, the application stopped connecting to the Website. If you have a server upgraded from Ubuntu 18 to Ubuntu 20, it supports recent and older TLS. After researching, I found out that in order to increase security, Ubuntu 20 supports only TLS 1.2 and older TLS are disabled by default on a new installation. I figured out that there is something wrong with the SSL connection and hence the application cannot connect.

Even though my old and new servers are Ubuntu 20, somehow both support different SSL versions. If the application is running on Windows 7, it cannot connect to the Website but if the application runs on Windows 10, it works. Net application that is connecting to my website. When I migrated a site to a new Ubuntu 20 server, I faced an issue.