On 18/11/2020 03:07, Baron Fujimoto wrote: > On Mon, Nov 16, 2020 at 09:47:03AM +0000, Mark Thomas wrote:
<snip/> >> Have you tried adding ":-AES:+AESGCM" to the cipher string you are >> already using? > > I hadn't (did I miss where these were documented somewhere?). However it > seems like once I add "":-AES", tomcat fails to start with the following > error: Sorry, wrong information on my part. Try appending: ":-AES:AESGCM" See https://www.openssl.org/docs/man1.1.1/man1/ciphers.html Tomcat aims to support the same set of options as the latest stable OpenSSl release and to return the same set of ciphers for the same input. Note that due to different defaults in different versions of OpenSSL as well as support for ciphers being added/removed in some versions we only aim to replicate the behaviour of the latest stable OpenSSL release (currently 1.1.1h). Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
