On 05/02/2018 02:14, Indunil Rathnayake wrote:

On 2 February 2018 at 19:55, Christopher Schultz <
ch...@christopherschultz.net> wrote:

Hash: SHA256


On 2/2/18 5:35 AM, Mark Thomas wrote:
On 02/02/18 04:06, Christopher Schultz wrote:


It seems reasonable for Tomcat to verify that any "critical"
key-use extensions are respected, and perhaps even some
non-critical ones.

I'd assume that JSSE / OpenSSl do this automatically. Is there any
evidence that they do not?

Sorry, I meant to say that Tomcat should probably perform those checks
if the underlying TLS handler is not already doing them, or instruct
the underlying handler to perform those checks if they are not already
being done and can be done during the handshake.

Thanks.. Appreciate if you can share some reference for how we can enable
this validation through a tomcat handler.

I'll repeat. Is there any evidence that this is not already being performed in JSSE / OpenSSL by default?


To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to