https://issues.apache.org/bugzilla/show_bug.cgi?id=55988
Ognjen Blagojevic <ognjen.d.blagoje...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|Connectors                  |Connectors
            Version|trunk                       |unspecified
            Product|Tomcat 8                    |Tomcat 9
   Target Milestone|----                        |-----

--- Comment #15 from Ognjen Blagojevic <ognjen.d.blagoje...@gmail.com> ---
Chris,

(In reply to Christopher Schultz from comment #14)
> Ognjen, if you are still willing to produce a patch, consider writing it
> against trunk, which will require Java 8 so won't need the reflection. If we
> decide to back-port to Tomcat 8, the reflection can be re-introduced.

Ok. I will attach a patch for Tomcat 9. As you suggested:

1. Parameter name is useServerCipherSuitesOrder instead of useCipherSuitesOrder.
2. Code is deduplicated / moved to superclass.

To test it:

(1) Install JDK 1.8.0
(2) Install Java 8 JCE Unlimited Strength
(3) Apply patch, build Tomcat
(4) Add JSSE Connector configuration to server.xml:

    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               useServerCipherSuitesOrder="true"
               ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                        TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
                        TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                        SSL_RSA_WITH_3DES_EDE_CBC_SHA" />

(5) Start Tomcat. Forward Secrecy is enabled (on all clients that support it)

To test with NIO2, just replace Http11NioProtocol with Http11Nio2Protocol.

-Ognjen
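
Added example, not part of the comment above or of the attached patch: a stand-alone check of how the Connector's cipher list behaves on a given JDK when server-side ordering is requested through the standard JSSE call SSLParameters.setUseCipherSuitesOrder (Java 8 and later). The class name ServerCipherOrderCheck and the helper usable() are hypothetical, and that the patch maps useServerCipherSuitesOrder onto this call is an assumption.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

// Hypothetical class name; not Tomcat code and not the attached patch.
public class ServerCipherOrderCheck {
    // Cipher list copied from the Connector configuration in the comment.
    static final String CIPHERS =
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "
      + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "
      + "SSL_RSA_WITH_3DES_EDE_CBC_SHA";

    // Keep the configured order and drop names this JVM does not support,
    // because setSSLParameters rejects unsupported suite names.
    static List<String> usable(String configured, String[] supported) {
        Set<String> known = new HashSet<>(Arrays.asList(supported));
        List<String> kept = new ArrayList<>();
        for (String raw : configured.split(",")) {
            String suite = raw.trim();
            if (suite.isEmpty()) continue;
            if (known.contains(suite)) kept.add(suite);
            else System.out.println("dropped, not supported by this JVM: " + suite);
        }
        return kept;
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false); // server side of the handshake
        List<String> suites = usable(CIPHERS, engine.getSupportedCipherSuites());
        if (suites.isEmpty()) throw new IllegalStateException("no configured suite is supported");

        SSLParameters params = engine.getSSLParameters();
        params.setCipherSuites(suites.toArray(new String[0]));
        params.setUseCipherSuitesOrder(true); // prefer the server's order over the client's
        engine.setSSLParameters(params);

        SSLParameters applied = engine.getSSLParameters();
        System.out.println("server order honored: " + applied.getUseCipherSuitesOrder());
        for (String s : applied.getCipherSuites()) {
            boolean fs = s.contains("_ECDHE_") || s.contains("_DHE_"); // ephemeral key exchange
            System.out.println((fs ? "[FS]    " : "[no FS] ") + s);
        }
    }
}
```

The suites are printed in the order the server will prefer them, so a suite marked [no FS] should only appear after every [FS] entry.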