This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 9f299fdea3 Will need to include TLS 1.3 ciphers in defaults with
native changes
9f299fdea3 is described below
commit 9f299fdea3cbdf1a9d920d0f8d368e4e5d12d1d0
Author: Mark Thomas <[email protected]>
AuthorDate: Fri Dec 12 10:25:22 2025 +0000
Will need to include TLS 1.3 ciphers in defaults with native changes
---
java/org/apache/tomcat/util/net/SSLHostConfig.java | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java
b/java/org/apache/tomcat/util/net/SSLHostConfig.java
index fc4615f829..b2aa792d8b 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
@@ -59,7 +59,9 @@ public class SSLHostConfig implements Serializable {
// keys in Maps.
protected static final String DEFAULT_SSL_HOST_NAME = "_default_";
protected static final Set<String> SSL_PROTO_ALL_SET = new HashSet<>();
- public static final String DEFAULT_TLS_CIPHERS =
"HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA";
+ private static final String DEFAULT_TLS_12_BELOW_CIPHERS =
"HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA";
+ private static final String DEFAULT_TLS_13_ABOVE_CIPHERS =
"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256";
+ public static final String DEFAULT_TLS_CIPHERS =
DEFAULT_TLS_12_BELOW_CIPHERS + ":" + DEFAULT_TLS_13_ABOVE_CIPHERS;
static {
/*
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
