https://bz.apache.org/bugzilla/show_bug.cgi?id=67628

--- Comment #4 from Michael Osipov <micha...@apache.org> ---
(In reply to Mark Thomas from comment #3)
> I think this is a documentation issue.
> 
> The intention was to:
> - allow OpenSSL notation to be used with JSSE
> - track ciphers and behaviour of latest OpenSSL development branch
> - have consistent (as possible) behaviour between JSSE and OpenSSL for the
> same cipher definition

This makes sense and I totally understand that.

> It does this by converting the notation to a list of ciphers and then
> passing that to JSSE or OpenSSL.
> 
> That the behaviour changes if you use a different version of OpenSSL is
> something that I think is good to highlight.
> 
> We could better document this by:
> - adding most of the above (not necessarily exactly in that form) to the
> docs for ciphers
> - amend the log message to note that this is expected if you run on older
> JDKs and/or older OpenSSL and reference the cipher docs

I think we can do better by supplying "ciphers" to an SSL handle instead of
decrypting it on our own and then matching. This would reduce the false positives.
If SunJSSE/OpenJSSE is used then this remains the same. The mismatch for me does
not happen because it matches the latest OpenSSL dev branch, but the comparison
is not fair because the sources are incorrect.
Though, improving docs for people to better understand the warning is always
good.

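As an added example (not Tomcat's code and not part of this thread), here is the approach the comment above proposes: hand the OpenSSL cipher string to a real SSL handle and let the linked OpenSSL resolve the aliases, then diff that result against whatever a hand-maintained parser claims the string expands to. Python's ssl module is used as the handle; the STATIC_CLAIM table is a constructed sample with one deliberately wrong entry, standing in for the static mapping that the thread says drifts between OpenSSL versions. Function names are my own.

```python
import ssl


def openssl_expand(cipher_string: str) -> list[str]:
    """Resolve an OpenSSL cipher string with the OpenSSL library Python is
    linked against, instead of re-implementing the alias grammar ourselves.

    Raises ssl.SSLError when no cipher matches, exactly as OpenSSL would."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    # get_ciphers() always lists the TLS 1.3 suites, which OpenSSL configures
    # separately from the cipher string; drop them so only the string's
    # expansion remains.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def is_valid_cipher_string(cipher_string: str) -> bool:
    """True if the local OpenSSL can select at least one cipher for the string."""
    try:
        openssl_expand(cipher_string)
        return True
    except ssl.SSLError:
        return False


def compare_with_static(cipher_string: str, claimed: list[str]) -> dict[str, set[str]]:
    """Diff a static parser's claimed expansion against OpenSSL's own answer.

    'only_in_static' are the entries that would produce a spurious
    "unsupported cipher" warning; 'only_in_openssl' are ciphers the static
    table does not know about (e.g. added in a newer OpenSSL)."""
    actual = set(openssl_expand(cipher_string))
    claimed_set = set(claimed)
    return {
        "only_in_static": claimed_set - actual,
        "only_in_openssl": actual - claimed_set,
    }


# Constructed sample: what a hypothetical static table claims this string
# expands to. The third entry is deliberately wrong; a real OpenSSL handle
# will not return it for this string, so it shows up as a false positive.
SAMPLE_CIPHER_STRING = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384"
STATIC_CLAIM = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-SHA",
]


if __name__ == "__main__":
    print("OpenSSL says:", openssl_expand(SAMPLE_CIPHER_STRING))
    print("diff vs static table:", compare_with_static(SAMPLE_CIPHER_STRING, STATIC_CLAIM))
    # Aliases are where static tables drift between OpenSSL versions; this
    # output depends on the local build, which is the whole point.
    print("HIGH:!aNULL:!eNULL expands to", len(openssl_expand("HIGH:!aNULL:!eNULL")), "ciphers")
    print("bogus string accepted?", is_valid_cipher_string("NO-SUCH-CIPHER"))
```

Running this against two different OpenSSL builds and diffing the output for an alias such as HIGH shows concretely why a static mapping and the real library disagree, which is the mismatch the warning in this bug reports.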