Re: Tomcat 9.0.59 - TLS 1.3 cipher configuration ignored (TLS 1.2 ok)

2022-03-16 Thread Torsten Krah
On Tuesday, 15.03.2022 at 15:29 +0100, Rémy Maucherat wrote: > I used Panama for prototyping, SSL_CTX_set_ciphersuites works but is > > not so trivial to use. If you try using the ciphersuite for more than > > 1.3, there will be warnings (which I improved), and the default > Tomcat > >

Re: Tomcat 9.0.59 - TLS 1.3 cipher configuration ignored (TLS 1.2 ok)

2022-03-15 Thread Rémy Maucherat
On Fri, Mar 11, 2022 at 6:58 PM Christopher Schultz wrote: > > Torsten, > > On 3/11/22 06:03, Torsten Krah wrote: > >> It seems to me you are listing a cipher that might be correct > >> according to the OpenSSL documentation, but then whether that is > >> available to your JVM may be different. >

Re: Tomcat 9.0.59 - TLS 1.3 cipher configuration ignored (TLS 1.2 ok)

2022-03-11 Thread Christopher Schultz
Torsten, On 3/11/22 06:03, Torsten Krah wrote: It seems to me you are listing a cipher that might be correct according to the OpenSSL documentation, but then whether that is available to your JVM may be different. That is for sure not the problem - just use the "ciphers.sh" from the binary

Re: Tomcat 9.0.59 - TLS 1.3 cipher configuration ignored (TLS 1.2 ok)

2022-03-11 Thread Torsten Krah
> It seems to me you are listing a cipher that might be correct > according to the OpenSSL documentation, but then whether that is > available to your JVM may be different. That is for sure not the problem - just use the "ciphers.sh" from the binary directory of tomcat which will list you all

RE: Tomcat 9.0.59 - TLS 1.3 cipher configuration ignored (TLS 1.2 ok)

2022-03-11 Thread Hiran CHAUDHURI
yway and give a direct hint for all future encounters of this problem. Hiran -Original Message- From: Torsten Krah Sent: Friday, March 11, 2022 9:51 To: users@tomcat.apache.org Subject: Re: Tomcat 9.0.59 - TLS 1.3 cipher configuration ignored (TLS 1.2 ok) CAUTION: External mail. Be car

Re: Tomcat 9.0.59 - TLS 1.3 cipher configuration ignored (TLS 1.2 ok)

2022-03-11 Thread Torsten Krah
On Friday, 11.03.2022 at 09:17 +, Thomas Hoffmann (Speed4Trade GmbH) wrote: > The configuration which works for me is: > > protocol="org.apache.coyote.http11.Http11NioProtocol" > > > sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation" > >

Re: Tomcat 9.0.59 - TLS 1.3 cipher configuration ignored (TLS 1.2 ok)

2022-03-11 Thread Torsten Krah
On Friday, 11.03.2022 at 10:09 +0100, Torsten Krah wrote: > So it seems like a bug to me, right? I had a quick look on the JNI SSLContext code + the native implementation: TCN_IMPLEMENT_CALL(jboolean, SSL, setCipherSuites)(TCN_STDARGS, jlong ssl,

Re: Tomcat 9.0.59 - TLS 1.3 cipher configuration ignored (TLS 1.2 ok)

2022-03-11 Thread Torsten Krah
On Friday, 11.03.2022 at 09:50 +0100, Torsten Krah wrote: > (error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match) Reading that message and looking at: https://wiki.openssl.org/index.php/TLS1.3#Ciphersuites there it is written that with TLS 1.3: Applications should use the

Re: Tomcat 9.0.59 - TLS 1.3 cipher configuration ignored (TLS 1.2 ok)

2022-03-11 Thread Torsten Krah
On Friday, 11.03.2022 at 08:52 +, Thomas Hoffmann (Speed4Trade GmbH) wrote: > Hello, > > the protocol attribute looks a bit strange. > > I think it should be: > > protocols="+TLSv1.2,+TLSv1.3"> I tried standalone TLS 1.3 like you suggested: protocols="+TLSv1.3" still the same

Re: Tomcat 9.0.59 - TLS 1.3 cipher configuration ignored (TLS 1.2 ok)

2022-03-11 Thread Torsten Krah
Interesting exception on startup when using TLS 1.3 only - configured the connector like this: using only TLS 1.3 and the configured ciphers but now I get this on startup: 11-Mar-2022 09:43:42.753 WARNUNG [main] org.apache.tomcat.util.net.openssl.OpenSSLContext.init Fehler beim