Am Freitag, dem 11.03.2022 um 09:50 +0100 schrieb Torsten Krah: > (error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match)
Reading that message and looking at: https://wiki.openssl.org/index.php/TLS1.3#Ciphersuites there it is written that with TLS 1.3: Applications should use the SSL_CTX_set_ciphersuites() or SSL_set_ciphersuites() functions to configure TLSv1.3 ciphersuites. Seems tomcat is using *SSL_CTX_set_cipher_list* instead of *SSL_CTX_set_ciphersuites* - maybe someone with knowledge here can confirm that theory. Reading: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_cipher_list.html there is this: SSL_CTX_set_cipher_list() sets the list of available ciphers (TLSv1.2 and below) for ctx using the control string str. The format of the string is described in openssl-ciphers(1). The list of ciphers is inherited by all ssl objects created from ctx. This function does not impact TLSv1.3 ciphersuites. Use SSL_CTX_set_ciphersuites() to configure those. So it seems like a bug to me, right? kind regards Torsten --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
