> -----Original Message-----
> From: Torsten Krah <krah...@gmail.com>
> Sent: Friday, 11 March 2022 10:01
> To: users@tomcat.apache.org
> Subject: Re: Tomcat 9.0.59 - TLS 1.3 cipher configuration ignored (TLS 1.2 ok)
> 
> On Friday, 11.03.2022 at 08:52 +0000, Thomas Hoffmann (Speed4Trade GmbH) wrote:
> > Hello,
> >
> > the protocol attribute looks a bit strange.
> >
> > I think it should be:
> >
> > protocols="+TLSv1.2,+TLSv1.3">
> 
> I tried standalone TLS 1.3 like you suggested:
> 
> protocols="+TLSv1.3"
> 
> still the same exception:
> 
> 
> 11-Mar-2022 09:57:41.996 WARNUNG [main]
> org.apache.tomcat.util.net.openssl.OpenSSLContext.init Fehler beim
> initialisieren des SSL Contexts
>       java.lang.Exception: Unable to configure permitted SSL ciphers
> (error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match)
> 
> 
> kind regards
> 
> Torsten
> 
> 
> 

Hello,

Java and OpenSSL use different naming. So sslImplementationName is also
important.

The configuration which works for me is:
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"
           maxThreads="150" minSpareThreads="25"
           URIEncoding="UTF-8" useBodyEncodingForURI="false"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           SSLEnabled="true">
    <SSLHostConfig ciphers="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
                   disableSessionTickets="true"
                   honorCipherOrder="false"
                   protocols="+TLSv1.2,+TLSv1.3">
...

Greetings, Thomas
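The naming mismatch Thomas points to is easy to check offline before restarting Tomcat. The script below is an added example written for this thread, not Tomcat's own OpenSSLCipherConfigurationParser and not code from either poster: it splits a ciphers attribute value, translates the JSSE (Java) names of the eight TLS 1.2 suites used in the connector above to their OpenSSL names via a table constructed for this example, and sets aside TLS 1.3 suites, which OpenSSL configures with SSL_CTX_set_ciphersuites() rather than SSL_CTX_set_cipher_list(). Function names, the small lookup table and the sample input are all assumptions of this example.

```python
"""Classify a Tomcat 'ciphers' attribute value for the OpenSSL implementation.

Constructed example for the mailing-list thread above; it is not Tomcat's
parser. It only knows the suites listed in the table below, so OpenSSL
keywords such as HIGH or !aNULL are reported as 'unknown', not rejected.
"""

# JSSE (Java) suite name -> OpenSSL suite name, for the TLS 1.2 suites used
# in the connector configuration in the thread (table constructed here).
JSSE_TO_OPENSSL = {
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": "ECDHE-ECDSA-AES128-GCM-SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "ECDHE-RSA-AES128-GCM-SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": "ECDHE-ECDSA-AES256-GCM-SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": "ECDHE-RSA-AES256-GCM-SHA384",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256": "ECDHE-ECDSA-CHACHA20-POLY1305",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": "ECDHE-RSA-CHACHA20-POLY1305",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256": "DHE-RSA-AES128-GCM-SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384": "DHE-RSA-AES256-GCM-SHA384",
}
OPENSSL_TO_JSSE = {v: k for k, v in JSSE_TO_OPENSSL.items()}

# TLS 1.3 suites carry the same name in Java and OpenSSL, but OpenSSL keeps
# them in a separate list (SSL_CTX_set_ciphersuites), not in cipher_list.
TLS13_SUITES = {
    "TLS_AES_128_GCM_SHA256",
    "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
}


def split_cipher_attribute(value):
    """Split on ':' (OpenSSL style) or ',' (comma-separated list)."""
    return [p.strip() for p in value.replace(",", ":").split(":") if p.strip()]


def classify(value):
    """Sort each entry into a TLS 1.2 OpenSSL name, a TLS 1.3 suite, or unknown."""
    result = {"tls12_openssl": [], "tls13": [], "unknown": []}
    for name in split_cipher_attribute(value):
        if name in TLS13_SUITES:
            result["tls13"].append(name)
        elif name in OPENSSL_TO_JSSE:          # already an OpenSSL name
            result["tls12_openssl"].append(name)
        elif name in JSSE_TO_OPENSSL:          # Java name: translate it
            result["tls12_openssl"].append(JSSE_TO_OPENSSL[name])
        else:                                  # keyword or suite outside the table
            result["unknown"].append(name)
    return result


def openssl_cipher_list(value):
    """The ':'-joined TLS 1.2 list that would be handed to SSL_CTX_set_cipher_list."""
    return ":".join(classify(value)["tls12_openssl"])


def has_tls12_ciphers(value):
    """False when nothing in the table would survive as a TLS 1.2 cipher.

    OpenSSL's SSL_CTX_set_cipher_list reports 'no cipher match' when the list
    it is given leaves no TLS 1.2 cipher, so a False here (with no unknown
    entries left to check with 'openssl ciphers') is worth investigating.
    """
    return bool(classify(value)["tls12_openssl"])


if __name__ == "__main__":
    # Constructed sample mixing the two naming styles, a TLS 1.3 suite and a keyword.
    sample = ("ECDHE-ECDSA-AES128-GCM-SHA256:"
              "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,"
              "TLS_AES_128_GCM_SHA256:HIGH")
    for bucket, names in classify(sample).items():
        print(f"{bucket:14s} {names}")
    print("cipher_list  :", openssl_cipher_list(sample))
    print("TLS 1.2 left :", has_tls12_ciphers("TLS_AES_128_GCM_SHA256"))
```

Entries that land in the unknown bucket are not necessarily wrong; OpenSSL keyword groups are outside this table, and the authoritative check for the final string is what the installed OpenSSL accepts.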
