https://issues.apache.org/bugzilla/show_bug.cgi?id=54690
--- Comment #5 from Mark Thomas <ma...@apache.org> --- Digging into the OpenJDK source code it appears that the JVM behaviour is by design. The defaults are different for client and server connections and SSLContext.getDefaultSSLParameters() returns the defaults for client connections not server connections. We currently use SSLContext.getDefaultSSLParameters() to get the default ciphers and the default protocols. The protocols are different for clients and servers (this bug) and so are the ciphers (an additional issue no-one has reported). Both these issues need to be fixed. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
