On Wed, Nov 18, 2020 at 04:45:05PM +0000, Mark Thomas wrote:
On 18/11/2020 03:07, Baron Fujimoto wrote:
On Mon, Nov 16, 2020 at 09:47:03AM +0000, Mark Thomas wrote:
<snip/>
Have you tried adding ":-AES:+AESGCM" to the cipher string you are
already using?
I hadn't (did I miss where these were documented somewhere?). However it
seems like once I add "":-AES", tomcat fails to start with the following
error:
Sorry, wrong information on my part. Try appending:
":-AES:AESGCM"
See https://www.openssl.org/docs/man1.1.1/man1/ciphers.html
Tomcat aims to support the same set of options as the latest stable
OpenSSl release and to return the same set of ciphers for the same input.
Note that due to different defaults in different versions of OpenSSL as
well as support for ciphers being added/removed in some versions we only
aim to replicate the behaviour of the latest stable OpenSSL release
(currently 1.1.1h).
Mahalo, that did the trick!
--
UH Information Technology Services : Identity & Access Mgmt, Middleware
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
