Re: [tomcat] branch 8.5.x updated: Additional configuration required for JSign + DigiCert ONE on Java 7

Christopher Schultz Wed, 18 Aug 2021 10:04:33 -0700

Mark,

On 8/18/21 08:11, ma...@apache.org wrote:

This is an automated email from the ASF dual-hosted git repository.


markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
      new 9090141  Additional configuration required for JSign + DigiCert ONE 
on Java 7
9090141 is described below

commit 909014193061c119008bf17fb5150423dfb3fb62
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Aug 18 13:11:45 2021 +0100

     Additional configuration required for JSign + DigiCert ONE on Java 7
---
  BUILDING.txt | 13 ++++++++-----
  1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/BUILDING.txt b/BUILDING.txt
index b267d6e..5fe85d4 100644
--- a/BUILDING.txt
+++ b/BUILDING.txt
@@ -295,12 +295,15 @@ You can build them by using the following commands:
          codesigning.storepass=request-via-pmc

Release managers will be provided with the necessary credentials by the PMC.

-    It will also be necessary to enable TLS 1.1 and TLS 1.2 by default (they 
are
-    disabled by default on Java 7) for the build process to communicate with 
the
-    code signing service. The simplest way is by setting the ANT_OPTS
-    environment variable. E.g. (for Windows):
+    It will also be necessary to enable TLS 1.2 and the correct cipher suite to
+    for the build process to communicate with the code signing service. The
+    simplest way is by setting the ANT_OPTS environment variable.
+    E.g. (for Windows):

- set ANT_OPTS=-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2

+    set ANT_OPTS=-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 
-Dhttps.cipherSuites=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+
+    You will also need to download and install the Java 7 unlimited strength
+    jurisdiction policy files in order to use the above cipher suite.


Ugh. I'm so glad this foolishness isn't required in Java 8 and later.

So we actually have to build 8.5 with Java 7? I think I had been usingJava 8 to build it (oops). We should have -target 1.7 so we won't buildanything that won't run on Java 7 even if built with Java 8... right?


-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [tomcat] branch 8.5.x updated: Additional configuration required for JSign + DigiCert ONE on Java 7

Reply via email to