> If you also have tomcat-native installed… No tomcat-native in any environment I saw, but I’ll make sure we check on that config.
We’re not knowingly plugging Bouncy Castle into the Tomcat SSL mix at all. We only use it in application logic after registering it with Security.addProvider() in a context listener. We then only ever access the BouncyCastle Provider by getting it by name, so not too sure what it would have to do with the SSL implementation. We didn’t add any configuration to specify any value for sslImplementationName previously, so it should have just been using org.apache.tomcat.util.net.jsse.JSSEImplementation anyway. Being a JCE implementation, Bouncy Castle Doesn’t provide an SSL implementation, so I’m not sure how that could get mixed in at all. I wish I could add more that we found, but at this point I’m just updating the list so that maybe someone else can work around the same thing we have. Thanks for the help! Peter On 7/25/16, 3:29 PM, "Rémy Maucherat" <r...@apache.org> wrote: >You are potentially changing two things at the same time here. You >were/are using boutycastle. If you also have tomcat-native installed, >Tomcat would try to use OpenSSL with JSSE. I don't have any idea how that >interacts with boutycastle, se we're probably not supporting it (it is >never tested, and now we provide OpenSSL over which we have some control >and basically does the same thing in a better way).
