> -----Original Message-----
> From: Torsten Krah <krah...@gmail.com>
> Sent: Friday, 11 March 2022 10:01
> To: users@tomcat.apache.org
> Subject: Re: Tomcat 9.0.59 - TLS 1.3 cipher configuration ignored (TLS 1.2 ok)
>
> On Friday, 11.03.2022 at 08:52 +0000, Thomas Hoffmann
> (Speed4Trade GmbH) wrote:
> > Hello,
> >
> > the protocol attribute looks a bit strange.
> >
> > I think it should be:
> >
> > protocols="+TLSv1.2,+TLSv1.3">
>
> I tried standalone TLS 1.3 like you suggested:
>
> protocols="+TLSv1.3"
>
> still the same exception:
>
>
> 11-Mar-2022 09:57:41.996 WARNUNG [main]
> org.apache.tomcat.util.net.openssl.OpenSSLContext.init Fehler beim
> initialisieren des SSL Contexts
> java.lang.Exception: Unable to configure permitted SSL ciphers
> (error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match)
>
>
> kind regards
>
> Torsten

Hello,

Java and OpenSSL use different naming. So sslImplementationName is also important.
The configuration which works for me is:

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"
           maxThreads="150" minSpareThreads="25"
           URIEncoding="UTF-8" useBodyEncodingForURI="false"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true" SSLEnabled="true">
    <SSLHostConfig
        ciphers="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
        disableSessionTickets="true" honorCipherOrder="false"
        protocols="+TLSv1.2,+TLSv1.3">
...

Greetings,
Thomas
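
Added example, not part of the thread: the `no cipher match` text in the quoted log is raised by OpenSSL's `SSL_CTX_set_cipher_list`, which Python's `ssl.SSLContext.set_ciphers` also calls, so the code below probes which names that call resolves, using the cipher string from the reply as input. It assumes a Python build linked against OpenSSL 1.1.1 or later, where TLS 1.3 suites are set through the separate `SSL_CTX_set_ciphersuites` call; the helper names are hypothetical, and only plain colon-separated names are handled (no `!`, `+`, `-` operators).

```python
import ssl

# The five TLS 1.3 suites defined in RFC 8446, spelled as OpenSSL names them.
TLS13_SUITES = {
    "TLS_AES_128_GCM_SHA256",
    "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_CCM_SHA256",
    "TLS_AES_128_CCM_8_SHA256",
}

# Cipher string copied from the SSLHostConfig in the reply above.
REPLY_CIPHERS = (
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
)


def cipher_list_accepted(spec):
    """Return True if SSL_CTX_set_cipher_list() accepts the cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(spec)  # wraps SSL_CTX_set_cipher_list
        return True
    except ssl.SSLError:       # "No cipher can be selected."
        return False


def unmatched_entries(spec):
    """Entries that select no TLS 1.2-or-older cipher when tried alone."""
    return [n for n in spec.split(":") if n and not cipher_list_accepted(n)]


def tls13_entries(spec):
    """Entries that are TLS 1.3 suite names, which the cipher list ignores."""
    return [n for n in spec.split(":") if n in TLS13_SUITES]


if __name__ == "__main__":
    # Constructed sample inputs, apart from REPLY_CIPHERS.
    samples = {
        "reply": REPLY_CIPHERS,
        "tls13-only": "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384",
        "mixed": "ECDHE-RSA-AES128-GCM-SHA256:TLS_AES_256_GCM_SHA384",
    }
    for label, spec in samples.items():
        print(label, "accepted" if cipher_list_accepted(spec) else "REJECTED",
              "ignored/unmatched:", unmatched_entries(spec))
```

A string holding only TLS 1.3 suite names is rejected outright, while in a mixed string those names are dropped without any error, so a clean start-up does not show that every entry took effect.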