Interesting exception on startup when using TLS 1.3 only - configured the connector like this:
<SSLHostConfig protocols="TLSv1.3" honorCipherOrder="true" ciphers="TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_AES_128_CCM_SHA256"> </SSLHostConfig> using only TLS 1.3 and the configured ciphers but now I get this on startup: 11-Mar-2022 09:43:42.753 WARNUNG [main] org.apache.tomcat.util.net.openssl.OpenSSLContext.init Fehler beim initialisieren des SSL Contexts java.lang.Exception: Unable to configure permitted SSL ciphers (error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match) at org.apache.tomcat.jni.SSLContext.setCipherSuite(Native Method) at org.apache.tomcat.util.net.openssl.OpenSSLContext.init(OpenSSLContext.java:329) at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:245) at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97) at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71) at org.apache.tomcat.util.net.Nio2Endpoint.bind(Nio2Endpoint.java:144) at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1227) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1240) at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:603) at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:80) at org.apache.catalina.connector.Connector.initInternal(Connector.java:1046) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:556) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1042) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) at org.apache.catalina.startup.Catalina.load(Catalina.java:724) at org.apache.catalina.startup.Catalina.load(Catalina.java:746) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:568) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475) The cipher names does match: https://wiki.openssl.org/index.php/TLS1.3#Ciphersuites and https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.4 I am lost at that point, maybe someone has an idea. kind regards Torsten --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org