Mark,
On 8/18/21 08:11, ma...@apache.org wrote:
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 9090141 Additional configuration required for JSign + DigiCert ONE
on Java 7
9090141 is described below
commit 909014193061c119008bf17fb5150423dfb3fb62
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Aug 18 13:11:45 2021 +0100
Additional configuration required for JSign + DigiCert ONE on Java 7
---
BUILDING.txt | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/BUILDING.txt b/BUILDING.txt
index b267d6e..5fe85d4 100644
--- a/BUILDING.txt
+++ b/BUILDING.txt
@@ -295,12 +295,15 @@ You can build them by using the following commands:
codesigning.storepass=request-via-pmc
Release managers will be provided with the necessary credentials by the PMC.
- It will also be necessary to enable TLS 1.1 and TLS 1.2 by default (they
are
- disabled by default on Java 7) for the build process to communicate with
the
- code signing service. The simplest way is by setting the ANT_OPTS
- environment variable. E.g. (for Windows):
+ It will also be necessary to enable TLS 1.2 and the correct cipher suite to
+ for the build process to communicate with the code signing service. The
+ simplest way is by setting the ANT_OPTS environment variable.
+ E.g. (for Windows):
- set ANT_OPTS=-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2
+ set ANT_OPTS=-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2
-Dhttps.cipherSuites=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+
+ You will also need to download and install the Java 7 unlimited strength
+ jurisdiction policy files in order to use the above cipher suite.
Ugh. I'm so glad this foolishness isn't required in Java 8 and later.
So we actually have to build 8.5 with Java 7? I think I had been using
Java 8 to build it (oops). We should have -target 1.7 so we won't build
anything that won't run on Java 7 even if built with Java 8... right?
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org