Testing with the "bad" configuration (i.e., no keyAlias clause), Firefox
still reports "DLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 128 bit keys, TLS
1.2" and Chrome still rejects the site outright.
And the relevant sections of an SSLLabs scan, so far as I can determine,
look *exactly like the sections I saved as a PDF Friday (and I saved the
relevant sections as a PDF because that was the easiest way to visually
compare the saved report to the live one).
The only difference I can see is that unlike other customer
installations that are on either Tomcat 8 or Tomcat 9, and work just
fine without the keyAlias clause, this one installation is on Tomcat 7,
because the OS version, available Java versions, and PTF level (of both
the OS and the Java) don't get along well with Tomcat 8, and aren't
expected to get along at all with Tomcat 9.
It makes no sense to me.
--
JHHL
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
