Customize Undertow's enabled SSL protocols

Description

If not using CommandBox behind another web server or proxy, you may want to specifically disable older SSL protocols like TLSv1 for security reasons.

This ticket is largely for documentation purposes since the Undertow/XNIO setting has always existed, but it wasn’t possible to use the setting until

Set the following XNIO option

Creating the following server.json

The value is a comma-delimited list of TLS protocols. Invalid ones are ignored per the XNIO docs. The full list of XNIO options is available here:

Testing whether the setting has actually worked can be done with the nmap tool using the following command. Here I’m checking port 443 on localhost to see what SSL protocols are enabled:

Note: you must install nmap to use it.
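
One way to check the nmap result against the protocol list you configured, as an added example that is not part of the original ticket. It assumes the scan was run with nmap's ssl-enum-ciphers script (the ticket's own command is not reproduced here); the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the ticket): compare what nmap reports with the
# comma-delimited protocol list you configured.

# Constructed sample of `nmap --script ssl-enum-ciphers -p 443 localhost` output.
SAMPLE_NMAP_OUTPUT='PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|_  least strength: A'

# Read nmap output on stdin; print each offered protocol, one per line, using
# Java/XNIO names (nmap prints "TLSv1.0" where Java says "TLSv1").
enabled_protocols() {
    awk '/^[|][_ ]+(SSLv|TLSv)[0-9.]+: *$/ {
        p = $2
        sub(/:$/, "", p)
        if (p == "TLSv1.0") p = "TLSv1"
        print p
    }'
}

# Usage: nmap ... | unexpected_protocols "TLSv1.2,TLSv1.3"
# Prints every offered protocol missing from the allow list; returns 1 if any.
unexpected_protocols() {
    allowed=",$(printf '%s' "$1" | tr -d ' '),"
    bad=""
    for p in $(enabled_protocols); do
        case "$allowed" in
            *",$p,"*) ;;
            *) bad="$bad $p" ;;
        esac
    done
    [ -z "$bad" ] && return 0
    printf '%s\n' $bad
    return 1
}

# Demo on the constructed sample: TLSv1 is still offered, so this reports it.
printf '%s\n' "$SAMPLE_NMAP_OUTPUT" | unexpected_protocols "TLSv1.2,TLSv1.3" \
    || echo "protocols above are enabled but not in the configured list"
```

Piping a live scan into `unexpected_protocols` with the same list used in the server configuration gives a pass/fail result that can be used in a deployment check.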

Fixed
Created May 6, 2022 at 7:11 PM
Updated May 6, 2022 at 7:12 PM
Resolved May 6, 2022 at 7:11 PM