> On Nov 23, 2022, at 22:12, Edwin Mwangi <edwin.mwa...@gmail.com> wrote:
>
> I need help with the correct parameter for setting Ciphers in Apache Tomcat
> 10.1.2, in the previous version 9 i would use the parameter below
>
> ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA"
>
> However when I set the same in Apache Tomcat 10.1.2 I get the following
> error in the logfiles
>
> 23-Nov-2022 23:06:47.760 WARNING [main]
> org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> [Server/Service/Connector/SSLHostConfig/Certificate] failed to set property
> [ciphers] to [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA]
>
> Please see the config I'm currently using
>
> <Connector
> protocol="org.apache.coyote.http11.Http11NioProtocol"
> port="8443"
> maxThreads="150"
> SSLEnabled="true">
> <SSLHostConfig>
> <Certificate
> certificateKeystoreFile="${user.home}/.keystore"
> certificateKeystorePassword="changeit"
> type="RSA"
> ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA"
> />
> </SSLHostConfig>
> </Connector>
>
If I’m reading the documentation correctly, the ciphers property belongs to
SSLHostConfig, not Certificate. Perhaps 9.0 simply ignored the misplaced
attribute and used the default.
- Chuck
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
