Is there any way to disable the use of TLS v1.1 (and v1) for all SSL configured listeners in Glassfish 4.1? I've tried to set the JVM property
-Ddeployment.security.TLSvX.Y=false
as recommended by this Oracle blog post (https://blogs.oracle.com/java-platform-group/entry/java_8_will_use_tls) but the protocols are still being used in the https negotiations.
答案 0 :(得分:4)
好的,我已经找到了如何通过搞乱Glassfish命令界面来做到这一点。 运行以下命令:
asadmin set configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl.tls-enabled=false
asadmin set configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl.tls11-enabled=false
这将只启用 TLSv1.2 。此命令针对默认HTTPS侦听器(端口8181)运行,因此请记住在需要时针对任何其他安全HTTP侦听器运行。