User Tools

Site Tools


tomcat

This is an old revision of the document!


Tomcat

Tomcat SSL

Setting up tomcat with HTTP Native library.

| server.xml
<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" scheme="https" maxThreads="200" secure="true" SSLEnabled="true" SSLCertificateFile="/etc/pki/tls/certs/k2patel.in.crt" SSLCertificateKeyFile="/etc/pki/tls/private/k2patel.in.key" SSLCACertificateFile="/etc/pki/tls/certs/k2patel.in.int.ca" sslEnabledProtocols="TLSv1.1,TLSv1.2" SSLHonorCipherOrder="true" SSLCipherSuite="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"></Connector>

Setting up HSTS with HTTP Native Library.

| web.xml
    <filter>
        <filter-name>httpHeaderSecurity</filter-name>
        <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
        <init-param>
           <param-name>hstsMaxAgeSeconds</param-name>
           <param-value>31536000</param-value>
        </init-param>
        <init-param>
           <param-name>antiClickJackingEnabled</param-name>
           <param-value>false</param-value>
        </init-param>
        <init-param>
           <param-name>hstsIncludeSubDomains</param-name>
           <param-value>true</param-value>
        </init-param>
        <async-supported>true</async-supported>
    </filter>
 
    <filter-mapping>
        <filter-name>httpHeaderSecurity</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

Setting up redirect

| web.xml
    <security-constraint>
       <web-resource-collection>
          <web-resource-name>Entire Application</web-resource-name>
             <url-pattern>/*</url-pattern>
       </web-resource-collection>
       <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
       </user-data-constraint>
    </security-constraint>
tomcat.1591909688.txt.gz · Last modified: 2020/08/10 02:30 (external edit)