On 19/10/2021 06:20, Natraj Thekkan wrote:
Hi Mark or Chris,
Based on Chris statement, it has to be addressed in tomcat.
No, you has misunderstood Chris's statement. All the evidence so far
points to user error.
Again, you need to provide the simplest, *complete* test case (i.e. the
source code for an executable Java class that starts a Tomcat instance
that listens for HTTP/2 connections) that responds to TLS 1.0 and 1.1
connections when configured not to.
Can I raise a Bug in Bugzilla for this observation?.
No.
Mark
Regards,
Natraj
-----Original Message-----
From: Christopher Schultz <ch...@christopherschultz.net>
Sent: Monday, October 18, 2021 10:14 PM
To: users@tomcat.apache.org
Subject: Re: Restriction of TLS version in HTTP2 over HTTPS with OpenSSL
Natraj,
On 10/18/21 01:19, Natraj Thekkan wrote:
@Mark
Thanks for your response.
We have tested by removing that line of code, still client able to establish
the connection with server using TLSv1 and TLSv1.1. Below one is configured in
java.security file.
jdk.tls.disabledAlgorithms=SSLv3,TLSv1,TLSv1.1,RC4,MD5withRSA,ADH,DH,DHE,
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves
Note that OpenSSL will ignore the jdk.tls.disabledAlgorithms setting.
Mark (and others), maybe we should take jdk.tls.disabledAlgorithms into account
when configuring OpenSSL through JSSE, since a user might expect that all JSSE
providers will respect that setting.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org