Mark Thomas and Christopher Schultz wrote:

You want:

sslProtocol="TLS" sslEnabledProtocols="TLSv1.2"

And to answer my question above, because that is the way the JSSE
API has been written.

We should probably just merge these into a single attribute and "do
the right thing":

1. If not specified, do nothing unusual
2. If the value includes a ",", use it for sslEnabledProtocols, use
"TLS" as sslProtocol
3. Otherwise, use value for both sslProtocol AND sslEnabledProtocols

Practically speaking, the only useful value for sslProtocol today is
"TLS". You can specify e.g. "TLSv1.2" and I think it will restrict
sslEnabledProtocols to TLSv1.2 but using the same value for both has
the same effect, of course.

In the future, if anything other than "TLS" makes sense for
sslProtocol, we can change Tomcat to support that.

We should also probably have SSLEnabled="true" be the default if any
TLS-related configuration option is used on a connector.

WDYT?

Well, I think (from direct experience) that for Tomcat 7 running on an AS/400, "merge these into a single attribute and 'do the right thing'" *is* how it works, so the entirety of Christopher's suggestion makes perfect sense to me.

At any rate, thanks to both of you; it works.

Although it does raise the question of whether the observed behavior in Tomcat 7 on an AS/400 is a Tomcat 7 thing or an AS/400 thing.

--
JHHL

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
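The three rules proposed in the thread, sketched against the two JSSE calls they map onto. This is an added example, not Tomcat code or code from anyone in the thread; the class name, the `resolve` and `engineFor` helpers and the idea of a single merged attribute value are hypothetical, rule 1 is assumed to mean "keep `TLS` and the JSSE default protocol list", and it needs Java 16 or later.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.Arrays;

public class MergedProtocolAttribute {
    /** Outcome of resolving the single (hypothetical) merged attribute. */
    record Resolved(String sslProtocol, String[] sslEnabledProtocols) {}

    // Rules 1-3 from the proposal quoted in the thread.
    static Resolved resolve(String value) {
        if (value == null || value.trim().isEmpty()) {
            // Rule 1 (assumption): nothing unusual, JSSE defaults stay in force.
            return new Resolved("TLS", null);
        }
        if (value.contains(",")) {
            // Rule 2: a list goes to sslEnabledProtocols, sslProtocol is "TLS".
            String[] list = Arrays.stream(value.split(","))
                    .map(String::trim)
                    .filter(s -> !s.isEmpty())
                    .toArray(String[]::new);
            return new Resolved("TLS", list);
        }
        // Rule 3: a single value is used for both settings.
        String v = value.trim();
        return new Resolved(v, new String[] { v });
    }

    // Applies the resolved pair the way the JSSE API splits it:
    // one name picks the SSLContext, a separate list narrows the engine.
    static SSLEngine engineFor(String value) throws Exception {
        Resolved r = resolve(value);
        SSLContext ctx = SSLContext.getInstance(r.sslProtocol());
        ctx.init(null, null, null);           // default key/trust managers
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);       // server side, as on a connector
        if (r.sslEnabledProtocols() != null) {
            engine.setEnabledProtocols(r.sslEnabledProtocols());
        }
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values for the merged attribute.
        for (String v : new String[] { null, "TLSv1.2", "TLSv1.2,TLSv1.3" }) {
            SSLEngine e = engineFor(v);
            System.out.println(v + " -> " + Arrays.toString(e.getEnabledProtocols()));
        }
    }
}
```

Running it on the target JVM prints the protocol list each input actually leaves enabled, which is the quickest way to confirm that old protocol versions are off before the connector is exposed.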
