Hi Christopher, Below is my Connector element, sslEnabledProtocols =TLSv1.2 ,TLS 1.3 it is working fine with TLSv1.2. When sslEnabledProtocols=TLSv1.3, Tomcat is started but, the browser unable to perform handshake with webapp.
Is there any dependency with Cipher suites? <Connector protocol="com.ericsson.http.protocol.Http11Nio2ProtocolDecryptProp" port="<fourdigit number>" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="/opt/cert/keystore" keystorePass="<Keystore_Password>" clientAuth="false" maxHttpHeaderSize="8192" server="<SERVER>" xpoweredBy="false" ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" sslEnabledProtocols=" TLSv1.3"/> Regards, Abirami.S -----Original Message----- From: Christopher Schultz <ch...@christopherschultz.net> Sent: Monday, June 28, 2021 7:27 PM To: users@tomcat.apache.org Subject: Re: TLSv1.3 Support in Tomcat Abirami, On 6/28/21 07:16, S Abirami wrote: > TLSv1.3 support is available in Tomcat. > > I tried just updating server.xml[sslEnabledProtocols=TLSv1.3] and > restarted tomcat. It doesn't work. > > [We are using Tomcat 9.0.46 and JDK 8u291] > > Please let me know any other configuration also needs to be changed. Can you please post your <Connector> configuration (minus any secrets)? When you say "it doesn't work", what exactly do you mean? -chris --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org