Am Freitag, dem 11.03.2022 um 09:17 +0000 schrieb Thomas Hoffmann
(Speed4Trade GmbH):
> The configuration which works for me is:
> <Connector port="443"
> protocol="org.apache.coyote.http11.Http11NioProtocol"
> sslImplementationName="
> ementation"
>                maxThreads="150" minSpareThreads="25"
>                URIEncoding="UTF-8" useBodyEncodingForURI="false"
>                enableLookups="false" disableUploadTimeout="true"
>                acceptCount="100" scheme="https" secure="true"
>                SSLEnabled="true">
>                     <SSLHostConfig ciphers="ECDHE-ECDSA-AES128-GCM-
> RSA-AES256-GCM-SHA384"
>                                                                 disab
> leSessionTickets="true"
>                                                                 honor
> CipherOrder="false"
>                                                                 proto
> cols="+TLSv1.2,+TLSv1.3">

I am using:


and in combination with the native APR in place it does the correct
thing, using OpenSSL - and the error shows that this is in place.

The list of protocols can be either of those - see the ciphers docs:

The ciphers to enable using the OpenSSL syntax. (See the OpenSSL
documentation for the list of ciphers supported and the syntax).
Alternatively, a comma separated list of ciphers using the standard
OpenSSL cipher names or the standard JSSE cipher names may be used.

Your example does not have any TLS 1.3 cipher listet - so you just get
the 3 defaults (which I want / need to change) - and as seen in the
code it won't work anyway, because it does not call:


to set the 1.3 suites.

kind regards


To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to