On 1/11/2017 9:17 AM, Kirk Wolf wrote:
Curious: Is there something relative to RACF keyrings or TLS 1.2 in Tomcat8 / SDK8 that can't be done with Tomcat 7 and z/OS SDK 7?
Tomcat 7 does not properly handle the "safkeyring:///" protocol specification even when java.protocol.handler.pkgs environment variable is set to com.ibm.crypto.provider. It sees the text string as a file name, not a protocol. This was fixed in Tomcat 8. [We verified it worked in Tomcat 8.5.5.]
Once we moved to Tomcat 8, there was a bug (that did not exist in Tomcat 7) that prevented us from using TLSv1.2. This was fixed in Tomcat 8.5.6.
-- Edward E Jaffe Phoenix Software International, Inc 831 Parkview Drive North El Segundo, CA 90245 http://www.phoenixsoftware.com/ ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN