How to configure Apache Tomcat for TLS 1.2 only
For security reasons, it is strongly recommended to allow HTTP communication solely over TLS 1.2 (Transport Layer Security).
This recommendation applies to ICG releases prior to version 1.03.120.
As of ICG version 1.03.120, TLS 1.2 will be enabled by default.
To enable TLS 1.2 only, proceed as follows:
- Become root.
- Open the Tomcat server configuration file opt/IGEL/icg/apache-tomcat-XXX/conf/server.xml with an editor.
XXX stands for the Tomcat version which is part of the folder name.
- Add the attribute sslEnabledProtocols="TLSv1.2" to the Connector element as shown in the picture below.
- Save the changes.
- Restart the ICG as described under Controlling the ICG Daemon.
IGEL's Terms & Conditions apply.