So it seems to work. For whoever is interested to try, the openjsse comes 
prebundled with Azul's distro, all you need to do is run with -XX:+UseOpenJSSE 
command line option. On TC side, I added "TLSv1.3" to "sslEnabledProtocols":

sslEnabledProtocols="+TLSv1 +TLSv1.1 +TLSv1.2 +TLSv1.3"

Also not sure if I had to but also added the 1.3 ciphers under ciphers 
attribute:

ciphers="TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, 
TLS_CHACHA20_POLY1305_SHA256,...."

I am getting some socket warnings though [1]. Anyone knows if those are benign?

George


[1]

ERROR 2019-08-02 13:25:31,425 [SYSERR] -- [] 
javax.net.ssl|DEBUG|01|main|2019-08-02 13:24:51.000 
MDT|SSLCipher.java:436|jdk.tls.keyLimits:  entry = AES/GCM/NoPadding KeyUpdate 
2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472
javax.net.ssl|DEBUG|03|Finalizer|2019-08-02 13:24:51.228 
MDT|SSLSocketImpl.java:473|duplex close of SSLSocket
javax.net.ssl|WARNING|03|Finalizer|2019-08-02 13:24:51.230 
MDT|SSLSocketImpl.java:494|SSLSocket duplex close failed (
"throwable" : {
  java.net.SocketException: Socket is not connected
        at java.net.Socket.shutdownOutput(Socket.java:1553)
        at 
org.openjsse.sun.security.ssl.BaseSSLSocketImpl.shutdownOutput(BaseSSLSocketImpl.java:233)
        at 
org.openjsse.sun.security.ssl.SSLSocketImpl.duplexCloseOutput(SSLSocketImpl.java:561)
        at 
org.openjsse.sun.security.ssl.SSLSocketImpl.close(SSLSocketImpl.java:479)
        at 
org.openjsse.sun.security.ssl.BaseSSLSocketImpl.finalize(BaseSSLSocketImpl.java:276)
        at java.lang.System$2.invokeFinalize(System.java:1270)
        at java.lang.ref.Finalizer.runFinalizer(Finalizer.java:102)
        at java.lang.ref.Finalizer.access$100(Finalizer.java:34)
        at java.lang.ref.Finalizer$FinalizerThread.run(Finalizer.java:217)}

)
javax.net.ssl|DEBUG|03|Finalizer|2019-08-02 13:24:51.230 
MDT|SSLSocketImpl.java:473|duplex close of SSLSocket
javax.net.ssl|WARNING|03|Finalizer|2019-08-02 13:24:51.230 
MDT|SSLSocketImpl.java:494|SSLSocket duplex close failed (
"throwable" : {
  java.net.SocketException: Socket is not connected
        at java.net.Socket.shutdownOutput(Socket.java:1553)
        at 
org.openjsse.sun.security.ssl.BaseSSLSocketImpl.shutdownOutput(BaseSSLSocketImpl.java:233)
        at 
org.openjsse.sun.security.ssl.SSLSocketImpl.duplexCloseOutput(SSLSocketImpl.java:561)
        at 
org.openjsse.sun.security.ssl.SSLSocketImpl.close(SSLSocketImpl.java:479)
        at 
org.openjsse.sun.security.ssl.BaseSSLSocketImpl.finalize(BaseSSLSocketImpl.java:276)
        at java.lang.System$2.invokeFinalize(System.java:1270)
        at java.lang.ref.Finalizer.runFinalizer(Finalizer.java:102)
        at java.lang.ref.Finalizer.access$100(Finalizer.java:34)
        at java.lang.ref.Finalizer$FinalizerThread.run(Finalizer.java:217)}

)
javax.net.ssl|DEBUG|3E|https-jsse-nio-8243-exec-2|2019-08-02 13:25:31.164 
MDT|SSLExtensions.java:132|Ignore unknown or unsupported extension (
"unknown extension (13,172)": {

}
)
javax.net.ssl|DEBUG|3E|https-jsse-nio-8243-exec-2|2019-08-02 13:25:31.164 
MDT|SSLExtensions.java:132|Ignore unknown or unsupported extension (
"unknown extension (22)": {

}
)
javax.net.ssl|DEBUG|3E|https-jsse-nio-8243-exec-2|2019-08-02 13:25:31.164 
MDT|SSLExtensions.java:132|Ignore unknown or unsupported extension (
"unknown extension (49)": {

}
)
javax.net.ssl|WARNING|3E|https-jsse-nio-8243-exec-2|2019-08-02 13:25:31.169 
MDT|SignatureScheme.java:282|Signature algorithm, ed25519, is not supported by 
the underlying providers
javax.net.ssl|WARNING|3E|https-jsse-nio-8243-exec-2|2019-08-02 13:25:31.169 
MDT|SignatureScheme.java:282|Signature algorithm, ed448, is not supported by 
the underlying providers


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to