Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The CAS test environment (cas-test.its.hawaii.edu) has been updated.

As always, we encourage you to test your applications against the updated environment.

  •  Tomcat has been updated from 8.0.50 to 8.5.31

This is a somewhat significant update for the Java Servlet Container that the CAS application runs in. The Tomcat 8.0.x track is scheduled for EOL 2018-06-30.

This version supports TLSv1.1 and TLSv1.2. Notably, TLSv1.0 was previously supported, but is not in this update.

(warning) Some testers who've encountered handshake protocol errors have resolved the problem with the following (or equivalent) in their client configuration:

  • Tomcat
    • -Dhttps.protocols=TLSv1,TLSv1.2,TLSv1.1
      • As long you have at least one of the supported protocols (TLSv1.2,TLSv1.1) it should work
      • TLSv1 above is Tomcat's configuration string for TLSv1.0 (ignored by this update to our Tomcat)
  • PHP:
    • Set CURLOPT_SSLVERSION to 5 or 6 (or do not set CURLOPT_SSLVERSION)

      Code Block
      languagephp
      titlereported successful configuration change
      // curl_setopt($ch, CURLOPT_SSLVERSION, 4);
      // curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');
    • PHP documentation recommends not setting CURLOPT_SSLVERSION

      • Comments suggest, "CURL_SSLVERSION_TLSv1_1 (5) or CURL_SSLVERSION_TLSv1_2 (6) only work for PHP versions using curl 7.34 or newer"
  • (info) Consider deprecating TLSv1.0 in your client configurations if possible

The following ciphers are supported as determined by SSL Labs' SSL server test:

...