Hi,

2016-03-22 18:04 GMT+02:00 Mark Thomas <[email protected]>:
>
> On 22/03/2016 07:37, [email protected] wrote:
> > Author: violetagg
> > Date: Tue Mar 22 07:37:21 2016
> > New Revision: 1736145
> >
> > URL: http://svn.apache.org/viewvc?rev=1736145&view=rev
> > Log:
> > Remove honorCipherOrder="false" from the server.xml.
> > When the block is uncommented the implementation will use the default
> > which is honorCipherOrder="true"
> > Patch provided by Huxing Zhang
>
> I'm not sure this is entirely the right approach.
>
> honorCipherOrder was more necessary a few years ago when servers
> supported weak ciphers and clients asked for them early in the priority
> list. The TLS landscape has changed a lot since then.
>
> I think we can make the default for honorCipherOrder false.

I reverted this in Tomcat 9.0.0.

Regards,
Violeta

> Mark
