> It seems to me you are listing a cipher that might be correct
> according to the OpenSSL documentation, but then whether that is
> available to your JVM may be different.

That is for sure not the problem - just use the "ciphers.sh" from the
binary directory of tomcat which will list you all possible ciphers you
can use - and those match the ones I want to use.

> Maybe you can run some small java application on the very same JVM to
> simply list the supported ciphers? At least that would give you an
> authorative list of ciphers you can put into the configuration file.

No need for that, tomcat already has that - use ciphers.sh .

As Thomas found, it is a known bug / missing feature of tomcat - you
can't configure TLS 1.3 ciphers in tomcat yet if you want to use the
OpenSSL native implementation and Mark Thomas confirmed that here:


That was 08/2019 - but it still is unsupported in 03/2022 - maybe I'll
do a patch for that one ;).

kind regards


To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to