changelog.xml

markt Thu, 31 Mar 2016 01:53:55 -0700

Author: markt
Date: Thu Mar 31 08:53:38 2016
New Revision: 1737198

URL: http://svn.apache.org/viewvc?rev=1737198&view=rev
Log:
honorCipherOrder default has been changed to false


Modified:
    tomcat/tc8.5.x/trunk/   (props changed)
    tomcat/tc8.5.x/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java
    tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.5.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Mar 31 08:53:38 2016
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112
+/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117

Modified: 
tomcat/tc8.5.x/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java?rev=1737198&r1=1737197&r2=1737198&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java 
(original)
+++ tomcat/tc8.5.x/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java 
Thu Mar 31 08:53:38 2016
@@ -66,8 +66,6 @@ import org.apache.tomcat.util.res.String
  * <br>
  * Note:
  * <ul>
- * <li>Tomcat needs to be configured with honorCipherOrder="false" otherwise
- *     Tomcat will prefer a cipher suite that is blacklisted by HTTP/2.</li>
  * <li>You will need to nest an &lt;UpgradeProtocol
  *     className="org.apache.coyote.http2.Http2Protocol" /&gt; element inside
  *     a TLS enabled Connector element in server.xml to enable HTTP/2 support.

Modified: tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml?rev=1737198&r1=1737197&r2=1737198&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Thu Mar 31 08:53:38 2016
@@ -81,6 +81,12 @@
       <fix>
         Align cipher configuration parsing with current OpenSSL master. (markt)
       </fix>
+      <update>
+        Change the default for <code>honorCipherOrder</code> to
+        <code>false</code>. With the current default TLS configuration, it is 
no
+        longer necessary for this to be <code>true</code> for a reasonably
+        secure configuration. (markt)
+      </update>
     </changelog>
   </subsection>
   <subsection name="WebSocket">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1737198 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/coyote/http2/Http2UpgradeHandler.java webapps/docs/changelog.xml

Reply via email to