2016-07-25 23:25 GMT+02:00 Peter Robbins <peter.robb...@jamfsoftware.com>:
> > If you also have tomcat-native installed… > No tomcat-native in any environment I saw, but I’ll make sure we check on > that config. > > We’re not knowingly plugging Bouncy Castle into the Tomcat SSL mix at all. > We only use it in application logic after registering it with > Security.addProvider() in a context listener. We then only ever access the > BouncyCastle Provider by getting it by name, so not too sure what it would > have to do with the SSL implementation. > > We didn’t add any configuration to specify any value for > sslImplementationName previously, so it should have just been using > org.apache.tomcat.util.net.jsse.JSSEImplementation anyway. Being a JCE > implementation, Bouncy Castle Doesn’t provide an SSL implementation, so I’m > not sure how that could get mixed in at all. > > I wish I could add more that we found, but at this point I’m just updating > the list so that maybe someone else can work around the same thing we have. > Thanks for the help! > Ok. If you're not using OpenSSL through tomcat-native, you don't need to add sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation" then, it is the fallback. Rémy > > Peter > > On 7/25/16, 3:29 PM, "Rémy Maucherat" <r...@apache.org> wrote: > > >You are potentially changing two things at the same time here. You > >were/are using boutycastle. If you also have tomcat-native installed, > >Tomcat would try to use OpenSSL with JSSE. I don't have any idea how that > >interacts with boutycastle, se we're probably not supporting it (it is > >never tested, and now we provide OpenSSL over which we have some control > >and basically does the same thing in a better way). > >