This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 769ccf9118 Warn when non default ciphers are removed because the
engine reject them.
769ccf9118 is described below
commit 769ccf9118df4c163985f6c49d16d59f7bb7bdeb
Author: Jean-Frederic Clere <jfcl...@gmail.com>
AuthorDate: Tue Aug 8 17:09:35 2023 +0200
Warn when non default ciphers are removed because the engine reject
them.
---
java/org/apache/tomcat/util/net/SSLUtilBase.java | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/util/net/SSLUtilBase.java
b/java/org/apache/tomcat/util/net/SSLUtilBase.java
index bdbf893f6a..ad6e78d182 100644
--- a/java/org/apache/tomcat/util/net/SSLUtilBase.java
+++ b/java/org/apache/tomcat/util/net/SSLUtilBase.java
@@ -127,10 +127,11 @@ public abstract class SSLUtilBase implements SSLUtil {
// TODO: sslHostConfig can query that with Panama, but skip for now
this.enabledCiphers = new String[0];
} else {
+ boolean warnOnSkip =
!sslHostConfig.getCiphers().equals(sslHostConfig.DEFAULT_TLS_CIPHERS);
List<String> configuredCiphers =
sslHostConfig.getJsseCipherNames();
Set<String> implementedCiphers = getImplementedCiphers();
List<String> enabledCiphers =
- getEnabled("ciphers", getLog(), false, configuredCiphers,
implementedCiphers);
+ getEnabled("ciphers", getLog(), warnOnSkip,
configuredCiphers, implementedCiphers);
this.enabledCiphers = enabledCiphers.toArray(new String[0]);
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
