I am using Tomcat 8.5.91. When scanning with SSL Labs, it indicates that TLS_FALLBACK_SCSV is not supported, which may leave the server vulnerable to SSL downgrade attacks. Although my SSL/TLS connection test is successful, I want to address this issue by enabling TLS_FALLBACK_SCSV support in my Tomcat web server.
The SSL Labs scan results are as follows:
Offer SSLv2: No
Offer SSLv3: No
Offer TLS1.0: Yes
Offer TLS1.1: Yes
Offer TLS1.2: Yes
While I understand that TLS versions 1.0 and later inherently mitigate downgrade attacks, I am committed to implementing additional security measures, including enabling TLS_FALLBACK_SCSV. Therefore, I am seeking guidance on how to enable TLS_FALLBACK_SCSV support in Tomcat 8.5.91. The community's assistance in this matter is greatly appreciated.
I referred to this article from Stack Overflow: how to enable TLS_FALLBACK_SCSV on Apache
#tomcat #tomcatsecurity #ssl #tls
How to enable TLS_FALLBACK_SCSV support in Tomcat 8.5.x. Help me to get it done.