The CAS test environment (cas-test.its.hawaii.edu) has been updated.
As always, we encourage you to test your applications against the updated environment.
- Tomcat has been updated from 8.0.50 to 8.5.31
This is a somewhat significant update for the Java Servlet Container that the CAS application runs in. The Tomcat 8.0.x track is scheduled for EOL 2018-06-30.
This version supports TLSv1.1 and TLSv1.2. Notably, TLSv1.0 was previously supported, but is not in this update.
Some testers who've encountered handshake protocol
...
errors have resolved the problem with the following (or equivalent) in their
...
client configuration:
- Tomcat
-Dhttps.protocols=TLSv1,TLSv1.2,TLSv1.1- As long you have at least one of the supported protocols
(TLSv1.2,TLSv1.1) it should work TLSv1above is Tomcat's configuration string for TLSv1.0 (ignored by this update to our Tomcat)
- As long you have at least one of the supported protocols
- PHP:
Set
CURLOPT_SSLVERSIONto 5 or 6 (or do not setCURLOPT_SSLVERSION)Code Block language php title reported successful configuration change // curl_setopt($ch, CURLOPT_SSLVERSION, 4); // curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');PHP documentation recommends not setting
CURLOPT_SSLVERSION- Comments suggest, "
CURL_SSLVERSION_TLSv1_1 (5)orCURL_SSLVERSION_TLSv1_2 (6)only work for PHP versions using curl 7.34 or newer"
- Comments suggest, "
Consider deprecating TLSv1.0 in your configuration client configurations if possible though
The following ciphers are supported as determined by SSL Labs' SSL server test:
...