-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Piyush,
On 8/3/18 2:52 PM, Piyush K wrote: > > Dear tomcat community, > > I have a question - I am using tomcat and OpenSSL (with apr and > tomcat= -native-1.2.16). Versions are as follows :- apr-1-config > 1.5.2 tomcat-native-1.2.16 OpenSSL 1.1.0 Tomcat 8.5.31 > > This works fine with my custom OpenSSL 1.1.0 installation.=20 Next > I wrote my own custom OpenSSL engine for ECDHE (ephemeral even), > howeve= r tomcat native still seems to make calls to the default > ECDHE engine that c= omes with OpenSSL (instead of using mine, even > though I compiled, tested and= installed the needed shared object > in the relevant directory for OpenSSL e= ngines shared objects). > Does the tomcat native code needs to be modified to support a > custom OpenSSL= engine for ECDHE.=20 If yes, can I get some help on > which places and which files one needs to mod= ify (I have looked > at the file sslcontext.c but it is bit very clear on how t= o tie > your custom OpenSSL ECDHE engine with the EC keys being generated) Do you have you own "engine" or are you just replacing one of the cipher suites? What does your Tomcat <Connector> configuration and APR <Listener> look like? You probably have to set the "SSLEngine" attribute to identify your custom engine. http://tomcat.apache.org/tomcat-8.5-doc/config/listeners.html#APR_Lifecy cle_Listener_-_org.apache.catalina.core.AprLifecycleListener - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAltlyvAACgkQHPApP6U8 pFjFZQ//QLHn9And0bqhlz/XQ01cwNA4ClpoCcMwd7t9DYsgLx26vRksIYCWiqIp sUUZTlEJ4HDroKZcH4AkxPUER0Y1i0aC3Var4UfgNaojDH0upsX2mrm5P4JXHuXb 6KiRkDfnRrkNAXoOiVFiaP/gK/jMtBDzPOgAGuOpHCDyaxXUCEQK+U0krPbslsLO 3rsQuN/R+qj7DpR9j61Mpj4R4tCq+nKLcUH9xj6NlKfMTSkwaICYerjV1eBD0WAE TI6u7Kd8gB8GLdug8kwct21jxi1vpspaOx5lxy9fe0YwAvvjz2xyT5Z+wlG6L+pT 9e/VGI3wzvSaUP3yk2S3lw6cVmnuGRsODorDgmvzE3XptFl++uPM76QxlktChKjd NsL25/EsxcPCSEiRUnevCPcnoJu4Dl/PdmNOZrd0oVuyRCaSFqOd4cLZ0mwvAjPE TXQ7JKeGwu1MvmHPVoQ8J4uxIwwxhwWV/WGx9FdURjkGjBC9E6VMCi1D3rK2T3U3 LeZhzf9ZKWyI3BFfFZtcEgMZe1lQGu9d8ck4fAgNaFn50v+rDdCGFnfdZhu1htXR +JgzXXwyJMZJQuTDEMrr9xwZxsJjPx2RfSYTyY6iLeRfCsvxpi6gC8AsKKlsL7lV RrWaOfU6sLJA4usrUtDu5fm54UjleW7ZfWvzhO1Kdhde3B9QjEQ= =0b3l -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
