The CAS test environment (cas-test.its.hawaii.edu) has been updated.
As always, we encourage you to test your applications against the updated environment.
- Tomcat has been updated from 8.0.50 to 8.5.31
This is a somewhat significant update for the Java Servlet Container that the CAS application runs in. The Tomcat 8.0.x track is scheduled for EOL 2018-06-30.
This version supports TLSv1.1 and TLSv1.2. Notably, TLSv1.0 was previously supported, but is not in this update.
...
- Tomcat
-Dhttps.protocols=TLSv1,TLSv1.2,TLSv1.1- As long you have at least one of the supported protocols
(TLSv1.2,TLSv1.1) it should work TLSv1above is Tomcat's configuration string for TLSv1.0 (ignored by this update to our Tomcat)
- As long you have at least one of the supported protocols
- PHP:
PHP documentation recommends not setting Set
CURLOPT_SSLVERSIONto 5 or 6 (or do not setCURLOPT_SSLVERSION)Code Block language php title reported successful configuration change // curl_setopt($ch, CURLOPT_SSLVERSION, 4); // curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');
PHP documentation recommends not setting
CURLOPT_SSLVERSION
comments suggest, "CURL_SSLVERSION_TLSv1_1 (5)orCURL_SSLVERSION_TLSv1_2 (6)only work for PHP versions using curl 7.34 or newer"
Consider deprecating TLSv1.0 in your client configurations if possible
...