This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 7129db33aa2797b8da17a9aeffeedfafdc725e7a
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Aug 9 14:12:05 2023 +0100
Warn when non default ciphers are removed because the engine reject
them.
---
java/org/apache/tomcat/util/net/SSLUtilBase.java | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/util/net/SSLUtilBase.java
b/java/org/apache/tomcat/util/net/SSLUtilBase.java
index afc4fe4531..e9d4726201 100644
--- a/java/org/apache/tomcat/util/net/SSLUtilBase.java
+++ b/java/org/apache/tomcat/util/net/SSLUtilBase.java
@@ -121,10 +121,11 @@ public abstract class SSLUtilBase implements SSLUtil {
sslHostConfig.setTls13RenegotiationAvailable(isTls13RenegAuthAvailable());
// Calculate the enabled ciphers
+ boolean warnOnSkip =
!sslHostConfig.getCiphers().equals(SSLHostConfig.DEFAULT_TLS_CIPHERS);
List<String> configuredCiphers = sslHostConfig.getJsseCipherNames();
Set<String> implementedCiphers = getImplementedCiphers();
List<String> enabledCiphers =
- getEnabled("ciphers", getLog(), false, configuredCiphers,
implementedCiphers);
+ getEnabled("ciphers", getLog(), warnOnSkip, configuredCiphers,
implementedCiphers);
this.enabledCiphers = enabledCiphers.toArray(new String[0]);
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
