Torsten,

On 3/11/22 06:03, Torsten Krah wrote:
It seems to me you are listing a cipher that might be correct
according to the OpenSSL documentation, but then whether that is
available to your JVM may be different.

That is for sure not the problem - just use the "ciphers.sh" from the
binary directory of tomcat which will list you all possible ciphers you
can use - and those match the ones I want to use.


Maybe you can run some small java application on the very same JVM to
simply list the supported ciphers? At least that would give you an
authorative list of ciphers you can put into the configuration file.

No need for that, tomcat already has that - use ciphers.sh .

As Thomas found, it is a known bug / missing feature of tomcat - you
can't configure TLS 1.3 ciphers in tomcat yet if you want to use the
OpenSSL native implementation and Mark Thomas confirmed that here:

https://lists.apache.org/thread/q8lmp40xkn0b4k4o6n05n9fyttlvmd22

That was 08/2019 - but it still is unsupported in 03/2022 - maybe I'll
do a patch for that one ;).

If you do, please make sure you use appropriate #ifdefs in order to allow it to compile against multiple versions of OpenSSL, not just whatever version you happen to have installed on your local machine.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to