I've got a Liferay 6.2 server running on tomcat 7.0 behind Apache 2.4. Apache is handling SSL for the site that Liferay is serving, and all is well with inbound connections. What I'm having some trouble with is that one of the important parts of the site embeds content (with authorization) from another of our servers, and when the site process makes the outbound HTTPS query, it apparently fails handshake all the way back to TLS 1.0.
This means I can't secure the second server better until I can fix the Liferay server so it will accept an answer with a better version of TLS. This is proving to be hard for me to search about, since virtually all resources on the web and here on SF seem to be about securing inbound connections, not outbound ones.
The Liferay server needs to make the outbound call to get an authorization token that it rewrites into the URL for the embedded content presented to the user's browser.
Unfortunately, I'm not very well versed in the Java ecosystem, and I didn't write the code that's reaching out to the second server. I'm hoping someone has had some similar experience and can share with me, if not an answer, at least some terminology that might be better to research with. Here's hoping.
