https://bz.apache.org/bugzilla/show_bug.cgi?id=59120
--- Comment #3 from Jack <caij...@apache.org> --- When you say "it behaves the same way as Oracle", did you mean the communication used the same TLS version? From my test (by setting -Djavax.net.debug=ssl) Oracle uses TLS v1.2, and IBM uses TLS v1.0. I think it's probably better to use SSLContext.getDefault() as you suggested in Comment #1 as THE DEFAULT, and then allow people to use org.apache.tomcat.websocket.SSL_PROTOCOLS to override. That way people can also use common JDK options like -Djdk.tls.client.protocols [1] to override. [1] https://docs.oracle.com/javase/8/docs/technotes/guides/security/enhancements-8.html -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org