https://bz.apache.org/bugzilla/show_bug.cgi?id=59120
--- Comment #1 from Mark Thomas <ma...@apache.org> --- The documentation you quote is not consistent with the claims you make regarding SSL being more general. Part of the problem is that this code has to work across multiple Java versions and multiple vendors and the respective behaviours are not always identical. There is always the option to provide your own, pre-configured SSLContext. Typically, I'd expect this value to not matter and the value obtained from org.apache.tomcat.websocket.SSL_PROTOCOLS to be much more important. One of the reasons for allowing a custom SSLContext was to avoid the mushrooming of TLS ocnfiguration options. I'm going to change this code to use SSLContext.getDefault() as that should return a good, secure choice on any OS / Vendor / Java version combination. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org