Home > Mobile >  Since when did XML Schema URL used in spring start supporting only from over TLS1.2?
Since when did XML Schema URL used in spring start supporting only from over TLS1.2?

Time:11-18

I built a web application with Spring 3.2.18.RELEASE, JDK7, and Tomcat7 before.

Lately I deployed some jsp files and restarted Tomcat and It showed me this error message.

Caused by: org.xml.sax.SAXParseException; lineNumber: 4; columnNumber: 130; cvc-elt.1: Cannot find the declaration of element 'beans'.

It turned out that I set the xsi:schemaLocation to 'https://www.springframework.org/schema/beans/spring-beans.xsd'

and it wasn't possible to load the xml because of TLS version of JDK.


So I googled when the schema xml stopped supporting TLS 1.0 and 1.1.

but I couldn't find any.

I already got to know I need to upgrade Spring, JDK, and Tomcat by reading dozens of articles.

I hope somebody can tell me WHEN it happened or

it'd be thankful at least let me know where to find it.

ps. I couldn't find the answer on www.springframework.org. I tagged 'spring-boot' here because it says I can get help by that.


UPDATED

I'm sorry my question was ambiguous.

Thanks to a number of articles and comments here, I got to know how to solve my problem and it worked great.

The reason I posted this question is that

if I add -Dhttps.protocols=TLSv1.2 option, my webapp works fine just like before.

If I change it into TLSv1.0 or v1.1, I can see exactly same error message.

The webapp worked fine without it before and now it requires the option at least on JDK7.

My colleague said 20,Oct was the last time she restarted Tomcat and it was fine.

So I believe something happend between 20,Oct and yesterday.

CodePudding user response:

I don't know exactly when www.springframework.org stopped supporting TLSv1.0, 1.1

but I'm sure it might be between 20, Oct and 10, Nov.


Recently, many browsers start to stop supporting TLSv1.0 and 1.1 because of security measure.

And I think that's why www.springframework.org did it.


Folks.

Please DO upgrade your JDK or at least TLS in advance. ( T^T)

  • Related