See also Bug 53952 for native.
In http://tomcat.apache.org/tomcat-6.0-doc/config/http.html#SSL%20Support, the "sslProtocol" attribute would have to be String[], i.e. e.g. comma separated protocol list
Currently, TLSv1.2 can be put there, but it doesn't appear to have a limiting effect on TLSv1.0
http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SSLContext
https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls
(In reply to Ralf Hauser from comment #0)
> In http://tomcat.apache.org/tomcat-6.0-doc/config/http.html#SSL%20Support,
> the "sslProtocol" attribute would have to be String[], i.e. e.g. comma
> separated protocol list
You created a bug for Tomcat 7, but you are quoting the Tomcat 6 docs. The HTTPS connector in Tomcat 7 has the attribute sslEnabledProtocols, by which you may specify only the desired protocols, e.g. TLS 1.1 and TLS 1.2. The same attribute in Tomcat 6 is called "protocols", but it is undocumented. Take a look at bug 54691.
Cool, this makes https://www.ssllabs.com/ssltest/analyze.html?d=mysite.tld happy except for the renegotiation (bug 55536), but Firefox cannot connect anymore...
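
An added example, not part of the thread or of Tomcat's own code: a small audit of a server.xml for the situation discussed above, where a TLS connector sets only sslProtocol and no explicit protocol list. The sample XML is constructed, the function name audit_connectors and the LEGACY set are assumptions of this example, and the attribute names are the ones given in the comments (sslEnabledProtocols for Tomcat 7, protocols for Tomcat 6).

```python
import xml.etree.ElementTree as ET

# Protocol names this audit treats as legacy (assumption of this example).
LEGACY = {"SSLv2Hello", "SSLv3", "TLSv1"}

# Constructed server.xml fragment, not taken from any real deployment.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               sslProtocol="TLSv1.2"/>
    <Connector port="8444" SSLEnabled="true" scheme="https" secure="true"
               sslProtocol="TLS" sslEnabledProtocols="TLSv1, TLSv1.1,TLSv1.2"/>
    <Connector port="8445" SSLEnabled="true" scheme="https" secure="true"
               sslProtocol="TLS" sslEnabledProtocols="TLSv1.1,TLSv1.2"/>
  </Service>
</Server>
"""


def audit_connectors(server_xml, tomcat_major=7):
    """Return {port: finding} for every TLS connector in a server.xml string."""
    # Attribute that limits protocols: "sslEnabledProtocols" on Tomcat 7,
    # "protocols" on Tomcat 6, as stated in the thread.
    attr = "sslEnabledProtocols" if tomcat_major >= 7 else "protocols"
    findings = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector, nothing to check
        port = conn.get("port", "?")
        raw = conn.get(attr)
        if raw is None:
            # Per the report, sslProtocol alone did not limit TLSv1.0.
            hint = conn.get("sslProtocol", "unset")
            findings[port] = f"UNRESTRICTED: no {attr} (sslProtocol={hint})"
            continue
        enabled = [p.strip() for p in raw.split(",") if p.strip()]
        legacy = [p for p in enabled if p in LEGACY]
        if legacy:
            findings[port] = "LEGACY: " + ",".join(legacy)
        else:
            findings[port] = "OK: " + ",".join(enabled)
    return findings


if __name__ == "__main__":
    for port, finding in sorted(audit_connectors(SAMPLE_SERVER_XML).items()):
        print(port, finding)
```

Passing tomcat_major=6 makes the audit look for the "protocols" attribute instead, so the same file is reported as unrestricted on every TLS connector.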