This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 7129db33aa2797b8da17a9aeffeedfafdc725e7a Author: Mark Thomas <ma...@apache.org> AuthorDate: Wed Aug 9 14:12:05 2023 +0100 Warn when non default ciphers are removed because the engine reject them. --- java/org/apache/tomcat/util/net/SSLUtilBase.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/java/org/apache/tomcat/util/net/SSLUtilBase.java b/java/org/apache/tomcat/util/net/SSLUtilBase.java index afc4fe4531..e9d4726201 100644 --- a/java/org/apache/tomcat/util/net/SSLUtilBase.java +++ b/java/org/apache/tomcat/util/net/SSLUtilBase.java @@ -121,10 +121,11 @@ public abstract class SSLUtilBase implements SSLUtil { sslHostConfig.setTls13RenegotiationAvailable(isTls13RenegAuthAvailable()); // Calculate the enabled ciphers + boolean warnOnSkip = !sslHostConfig.getCiphers().equals(SSLHostConfig.DEFAULT_TLS_CIPHERS); List<String> configuredCiphers = sslHostConfig.getJsseCipherNames(); Set<String> implementedCiphers = getImplementedCiphers(); List<String> enabledCiphers = - getEnabled("ciphers", getLog(), false, configuredCiphers, implementedCiphers); + getEnabled("ciphers", getLog(), warnOnSkip, configuredCiphers, implementedCiphers); this.enabledCiphers = enabledCiphers.toArray(new String[0]); } --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org