On 22/08/2025 07:53, S Abirami wrote:

<snip/>

Questions:

1. Why are the cipher configuration properties not being recognized in the 
connector configuration?

No idea. Your organisation wrote the protocol implementation. That would be a question for your development team.

I will note that if that were a standard Tomcat connector, that configuration would not work, as that configuration style for TLS was deprecated in Tomcat 9 and removed entirely in Tomcat 10.1 and 11.

I'll further note that the custom Connector appears to be trying (and I guarantee it will be failing) to encrypt some Connector settings.

https://cwiki.apache.org/confluence/display/TOMCAT/Password

If you really need to implement such pointlessness, I'd suggest using the PropertySource approach rather than implementing your own protocol - it will be a lot less susceptible to changes in the Tomcat code base.

2. Are there any Tomcat security policies that override explicit cipher 
configurations in server.xml?

No, but given that this isn't a Tomcat connector, that is the wrong question, sent to the wrong people.

3. If there are security configurations that disable certain cipher suites 
(particularly RSA key exchange ciphers), could you please provide:
    * The specific configuration files or properties involved
    * Documentation on how these security policies work
    * Methods to override or customize these policies if needed

N/A.

4. What is the correct way to explicitly control cipher suites in Tomcat to 
ensure only our specified ciphers are available?

Again, a question for your internal development team that wrote the protocol implementation you are using.

Mark
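
The two TLS configuration styles referred to in the reply, shown for a standard Tomcat connector as an added example; it is not part of the original message and not the poster's configuration. The port, keystore path, password and cipher list are constructed placeholders.

```xml
<!-- Alternative A: old style, TLS attributes set directly on the Connector.
     Deprecated in Tomcat 9, removed in Tomcat 10.1 and 11.
     On those versions the TLS attributes below are no longer supported. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           keystoreFile="conf/example-keystore.p12"
           keystorePass="PLACEHOLDER"
           sslEnabledProtocols="TLSv1.2"
           ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" />

<!-- Alternative B: current style, TLS settings live in a nested SSLHostConfig.
     Protocols and ciphers are restricted per virtual host; the certificate
     has its own child element. Use A or B, never both on the same port. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true">
  <SSLHostConfig protocols="TLSv1.2+TLSv1.3"
                 honorCipherOrder="true"
                 ciphers="TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256">
    <!-- Constructed keystore location and password placeholder -->
    <Certificate certificateKeystoreFile="conf/example-keystore.p12"
                 certificateKeystorePassword="PLACEHOLDER"
                 type="RSA" />
  </SSLHostConfig>
</Connector>
```

After a restart, the suites actually offered can be checked from a client, since any suite the JVM's own security configuration disables will not be negotiated even if it is listed in `ciphers`.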


