On 17/01/2017 19:32, Christopher Schultz wrote: > Mark, > > On 1/17/17 8:39 AM, Mark Thomas wrote: >> On 17/01/2017 11:23, Michael Orr wrote: >>> Hi, >>> >>> There is a user property >>> "org.apache.tomcat.websocket.SSL_PROTOCOLS" that you can use to >>> provide the list of permitted SSL protocols when connecting to a >>> websocket with WsWebSocketContainer. I was expecting that there >>> would be a similar property to allow you to set the list of >>> permitted SSL cipher suites as well. >>> >>> I've checked the code (for version 7.0.73, and also 9.0.0.M15) >>> and there doesn't seem to be any mention of such an option. I >>> can see it calling SSLEngine.setEnabledProtocols() but not >>> SSLEngine.setEnabledCipherSuites(). >>> >>> Is there a particular reason why there is no >>> "org.apache.tomcat.websocket.SSL_CIPHER_SUITES" property, or is >>> it simply an oversight? > >> No reason I can think of. Patches welcome :) > > I'm curious: since the existing <Connector> (possibly) contains a TLS > configuration, why does Websocket specifically require a separate > configuration?
This is for the WebSocket client, not the server. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
