On 02/02/18 04:06, Christopher Schultz wrote: <snip/>
> It seems reasonable for Tomcat to verify that any "critical" key-use > extensions are respected, and perhaps even some non-critical ones. I'd assume that JSSE / OpenSSl do this automatically. Is there any evidence that they do not? Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org