I'm experiencing the exact same issue with 8.5.14 - cipher list seems to be ignored, regardless of what I put in SSLAbs and validating via browser on my website a set of ciphers is used that I have not listed.
I am able to change protocols (for instance, I can remove TLSv1 and the system correctly makes that change), but any changes to ciphers is completely ignored. I've tried adding just one cipher, I've tried OpenSSL and Standard cipher names, I've put in gibberish. All end in the exact same result, no errors in the log and a list of cipher suites that I did not get to pick. I've also validated that the ciphers that I want to use are available to Java - using 1.8, ( http://markmail.org/message/zn4namfhypyxum23#query:+page:1+mid:zn4namfhypyxum23+state:results <http://markmail.org/message/zn4namfhypyxum23#query:+page:1+mid:zn4namfhypyxum23+state:results> ) Really appreciate help or direction that anyone can give! Todd My relevant config: -- View this message in context: http://tomcat.10.x6.nabble.com/8-5-11-8-5-14-using-SSLHostConfig-protocols-and-ciphers-list-ignored-tp5062900p5064726.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org