[tomcat] branch main updated: Skip setting TLS 1.3 ciphers with the defaults

Tue, 05 Apr 2022 12:00:18 -0700 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 3cb24e6780 Skip setting TLS 1.3 ciphers with the defaults
3cb24e6780 is described below

commit 3cb24e67801ee18c79a7972b5c995d26bcfeb1dc
Author: remm <[email protected]>
AuthorDate: Tue Apr 5 20:59:39 2022 +0200

    Skip setting TLS 1.3 ciphers with the defaults
---
 modules/openssl-java17/pom.xml                                          | 2 +-
 .../java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/openssl-java17/pom.xml b/modules/openssl-java17/pom.xml
index f0049451de..09e239ae89 100644
--- a/modules/openssl-java17/pom.xml
+++ b/modules/openssl-java17/pom.xml
@@ -31,7 +31,7 @@
     <version>0.1-SNAPSHOT</version>
 
     <properties>
-        <tomcat.version>9.0.60</tomcat.version>
+        <tomcat.version>9.0.62</tomcat.version>
         
<project.build.outputTimestamp>2021-12-02T12:00:00Z</project.build.outputTimestamp>
     </properties>
 
diff --git 
a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
 
b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 66942b8d8a..ee2ab2f9d1 100644
--- 
a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ 
b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -569,7 +569,7 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
                     log.warn(sm.getString("engine.failedCipherList", 
sslHostConfig.getCiphers()));
                 }
             }
-            if (maxTlsVersion >= TLS1_3_VERSION()) {
+            if (maxTlsVersion >= TLS1_3_VERSION() && 
(sslHostConfig.getCiphers() != SSLHostConfig.DEFAULT_TLS_CIPHERS)) {
                 if (SSL_CTX_set_ciphersuites(state.sslCtx, 
CLinker.toCString(sslHostConfig.getCiphers(), state.contextScope)) <= 0) {
                     log.warn(sm.getString("engine.failedCipherSuite", 
sslHostConfig.getCiphers()));
                 }


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to