Re: Ability to set cipher suites for websocket connections
On 17 January 2017 at 13:39, Mark Thomaswrote: > On 17/01/2017 11:23, Michael Orr wrote: >> Hi, >> >> There is a user property "org.apache.tomcat.websocket.SSL_PROTOCOLS" >> that you can use to provide the list of permitted SSL protocols when >> connecting to a websocket with WsWebSocketContainer. I was expecting >> that there would be a similar property to allow you to set the list of >> permitted SSL cipher suites as well. >> >> I've checked the code (for version 7.0.73, and also 9.0.0.M15) and >> there doesn't seem to be any mention of such an option. I can see it >> calling SSLEngine.setEnabledProtocols() but not >> SSLEngine.setEnabledCipherSuites(). >> >> Is there a particular reason why there is no >> "org.apache.tomcat.websocket.SSL_CIPHER_SUITES" property, or is it >> simply an oversight? > > No reason I can think of. Patches welcome :) > > Mark > >> >> Thanks, and keep up the great work! >> >> Michael >> I'll see what I can do! Thanks for your fast response. Michael - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Ability to set cipher suites for websocket connections
On 17/01/2017 11:23, Michael Orr wrote: > Hi, > > There is a user property "org.apache.tomcat.websocket.SSL_PROTOCOLS" > that you can use to provide the list of permitted SSL protocols when > connecting to a websocket with WsWebSocketContainer. I was expecting > that there would be a similar property to allow you to set the list of > permitted SSL cipher suites as well. > > I've checked the code (for version 7.0.73, and also 9.0.0.M15) and > there doesn't seem to be any mention of such an option. I can see it > calling SSLEngine.setEnabledProtocols() but not > SSLEngine.setEnabledCipherSuites(). > > Is there a particular reason why there is no > "org.apache.tomcat.websocket.SSL_CIPHER_SUITES" property, or is it > simply an oversight? No reason I can think of. Patches welcome :) Mark > > Thanks, and keep up the great work! > > Michael > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org