Configure EMS Tomcat to only support TLS 1.2 or greater SSL sessions

Configure EMS Tomcat to only support TLS 1.2 or greater SSL sessions

To restrict tomcat to certain protocols you need to make changes to the tomcat connector configuration in server.xml file from C:\Program Files\Neverfail\tomcat\apache-tomcat\conf\: 

For example if you want to modify the protocols to TLSv1.2:

original:

<Connector port="${hbws.config.local_host_ssl_port}" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" 
			   keystoreFile="../ssl/NFKeyStore.jks"
			   keystorePass="D32g9Z17aB"
			   keyAlias="nfhb_private_certificate"/>

new:

    <Connector port="${hbws.config.local_host_ssl_port}" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2"
			   keystoreFile="../ssl/NFKeyStore.jks"
			   keystorePass="D32g9Z17aB"
			   keyAlias="nfhb_private_certificate"/>

Remember that if you change the server.xml you have to stop and start nfwebsvc service for the changes to take affect. 


    • Related Articles

    • Apache Tomcat Plugin v201.5.2 - Release Notes

      About Apache Tomcat Plugin Apache Tomcat Plugin provides protection and proactively monitors the Apache Tomcat environment’s configuration data, services, and application data files. What's new support for Apache Tomcat 10.x.x Fix for [EN-6441]: ...

    • Engine Management Service (EMS) FAQ

      What is EMS (Engine Management Service)? The Engine Management Service is the primary tool used for deployment and normal daily control of Neverfail Continuity Engine. Most routine operations can be performed from the Engine Management Service User ...

    • Apache Tomcat Plugin v201.5.1 - Release Notes

      About Apache Tomcat Plugin Apache Tomcat Plugin provides protection and proactively monitors the Apache Tomcat environment’s configuration data, services, and application data files. Supported Versions and Platforms Apache Tomcat 9.x.x Apache Tomcat ...

    • How to use HTML5 version of Neverfail Engine Management Service (EMS) UI instead FlashPlayer version

      Summary This Knowledge base article provides information about using the HTML5 version of the Neverfail EMS (centralized web console) instead of FlashPlayer version as FlashPlayer is end-of-life and no longer working. More Information The EMS web ...

    • How to Install Neverfail Engine Management Service (EMS - web centralized console)

      Summary This Knowledgebase article provides the procedure to install the Neverfail Engine Management Service. Using this procedure will ensure that you achieve a successful installation. Note: You CAN'T install the EMS web console on a server which ...