https://bz.apache.org/bugzilla/show_bug.cgi?id=62748
Bug ID: 62748
Summary: Add support for TLS 1.3 (RFC 8446)
Product: Tomcat Native
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Library
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Created attachment 36157
--> https://bz.apache.org/bugzilla/attachment.cgi?id=36157&action=edit
Screenshots confirming tls connection version and browser used
Please add support for TLS 1.3 (RFC 8446) in tomcat-native for use with
APR/tomcat. Latest stable OpenSSL version (1.1.1) supports it. Even though
OpenSSL 1.1.1 is intended to be a drop-in replacement, using it with
tomcat-native 1.2.17 and APR 1.6.3 still produces a TLS 1.2 connection. Here
is the Tomcat (7.0.70) connector snippet:
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector allowTrace="false" server=" " port="8443" maxPostSize="10485760 "
maxHttpHeaderSize="1048576"
protocol="org.apache.coyote.http11.Http11AprProtocol"
connectionTimeout="20000"
redirectPort="8443"
SSLHonorCipherOrder="true"
SSLCertificateFile="/home/idis/STAR_ieml_ru.crt"
SSLCertificateKeyFile="/home/idis/server.key"
SSLCertificateChainFile="/home/idis/authorities.crt"
maxThreads="350" minSpareThreads="25" SSLEnabled="true"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
compression="force"
SSLCipherSuite="TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA384,TLS_AES_128_GCM_SHA256,ECDHE-ECDSA-CHACHA20-POLY1305,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-CHACHA20-POLY1305,ECDHE-ECDSA-AES128-GCM-SHA256,
ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,
ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES256-SHA"/>
The server is started normally (snippet from catalina.out):
Sep 19, 2018 11:09:04 AM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: Loaded APR based Apache Tomcat Native library 1.2.17 using APR version 1.6.3.
Sep 19, 2018 11:09:04 AM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
Sep 19, 2018 11:09:04 AM org.apache.catalina.core.AprLifecycleListener initializeSSL
INFO: OpenSSL successfully initialized (OpenSSL 1.1.1 11 Sep 2018)
Sep 19, 2018 11:09:06 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-apr-8080"]
Sep 19, 2018 11:09:06 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-apr-8443"]
Sep 19, 2018 11:09:06 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 3684 ms
Sep 19, 2018 11:09:06 AM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Sep 19, 2018 11:09:06 AM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine:
Sep 19, 2018 11:09:06 AM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor /opt/tomcat/conf/Catalina/localhost/Education.xml
Sep 19, 2018 11:09:32 AM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deployment of configuration descriptor /opt/tomcat/conf/Catalina/localhost/Education.xml has finished in 26,350 ms
Sep 19, 2018 11:09:32 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory /opt/tomcat/webapps/yui
Sep 19, 2018 11:09:33 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deployment of web application directory /opt/tomcat/webapps/yui has finished in 319 ms
Sep 19, 2018 11:09:33 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory /opt/tomcat/webapps/ROOT
Sep 19, 2018 11:09:33 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deployment of web application directory /opt/tomcat/webapps/ROOT has finished in 230 ms
Sep 19, 2018 11:09:33 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-apr-8080"]
Sep 19, 2018 11:09:33 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-apr-8443"]
Sep 19, 2018 11:09:33 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 27340 ms
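
An added example, not part of the original report or of Tomcat Native: a small audit helper that splits a Connector's SSLCipherSuite value into the TLS 1.3 suites defined in RFC 8446 and the TLS 1.2-and-earlier entries. OpenSSL 1.1.1 configures those two groups through separate settings, so it helps to see which names fall in which group. The function name and the shortened sample connector are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# TLS 1.3 cipher suites defined in RFC 8446, Appendix B.4.
RFC8446_SUITES = {
    "TLS_AES_128_GCM_SHA256",
    "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_CCM_SHA256",
    "TLS_AES_128_CCM_8_SHA256",
}

# Constructed sample: a shortened form of the Connector quoted in the report.
SAMPLE_CONNECTOR = """<Connector port="8443" SSLEnabled="true"
  protocol="org.apache.coyote.http11.Http11AprProtocol"
  SSLCipherSuite="TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA384,TLS_AES_128_GCM_SHA256,
ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES128-GCM-SHA256"/>"""


def classify_cipher_suite(connector_xml):
    """Group the entries of a Connector's SSLCipherSuite attribute (hypothetical helper)."""
    value = ET.fromstring(connector_xml).get("SSLCipherSuite", "")
    # OpenSSL cipher lists accept ':', ',' or whitespace as separators.
    names = [n for n in re.split(r"[:,\s]+", value) if n]
    result = {"tls13": [], "unknown_tls13": [], "pre_tls13": []}
    for name in names:
        if name in RFC8446_SUITES:
            result["tls13"].append(name)
        elif name.startswith("TLS_") and "_WITH_" not in name:
            # TLS 1.3 naming style (no _WITH_) but not a suite RFC 8446 defines.
            result["unknown_tls13"].append(name)
        else:
            # OpenSSL-style or IANA-style names for TLS 1.2 and earlier.
            result["pre_tls13"].append(name)
    return result


if __name__ == "__main__":
    for group, names in classify_cipher_suite(SAMPLE_CONNECTOR).items():
        print(f"{group}: {', '.join(names) or '-'}")
```

Entries reported under `unknown_tls13` are worth checking against the RFC 8446 list before assuming the server can offer them.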