https://bz.apache.org/bugzilla/show_bug.cgi?id=59120
Bug ID: 59120 Summary: The protocol "TLS" has different interpretation in different JRE, better use "SSL" Product: Tomcat 8 Version: trunk Hardware: All OS: All Status: NEW Severity: major Priority: P2 Component: WebSocket Assignee: dev@tomcat.apache.org Reporter: caij...@apache.org In the class [1], its createSSLEngine() method uses the protocol name "TLS" to get an SSL context. However, different JREs have different interpretation for this protocol name. For example, Oracle/OpenJDK interprets it as "Supports some version of TLS; may support other versions" [2], while IBM JDK interprets it as "TLS v1.0 protocol" [3]. As TLS v1.0 is quickly getting deprecated, a more general protocol name should be used, like "SSL". Based on my test, when "SSL" is used to get the SSL context, both the Oracle/OpenJDK and IBM JDK use TLSv1.2 to make the connection. This issue also applies to other Tomcat versions. [1] http://svn.apache.org/repos/asf/tomcat/trunk/java/org/apache/tomcat/websocket/WsWebSocketContainer.java [2] http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#SSLContext [3] http://www-01.ibm.com/support/knowledgecenter/SSYKE2_8.0.0/com.ibm.java.security.component.80.doc/security-component/jsse2Docs/protocols.html?lang=en -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org