Peter, Depending at which slot you plug in BC in the Security context it might or it might not get used depending on the cipher suites used by you SSL connection. JSSE will ask Java for crypto implementation from the list of JCE providers and if your BC is high on the list, it will get used. It definitely can affect your SSL if you're using JSSE+JCE...
George -----Original Message----- From: Peter Robbins [mailto:peter.robb...@jamfsoftware.com] Sent: Monday, July 25, 2016 3:25 PM To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: NullPointerExceptions from Coyote over SSL > If you also have tomcat-native installed… No tomcat-native in any environment I saw, but I’ll make sure we check on that config. We’re not knowingly plugging Bouncy Castle into the Tomcat SSL mix at all. We only use it in application logic after registering it with Security.addProvider() in a context listener. We then only ever access the BouncyCastle Provider by getting it by name, so not too sure what it would have to do with the SSL implementation. We didn’t add any configuration to specify any value for sslImplementationName previously, so it should have just been using org.apache.tomcat.util.net.jsse.JSSEImplementation anyway. Being a JCE implementation, Bouncy Castle Doesn’t provide an SSL implementation, so I’m not sure how that could get mixed in at all. I wish I could add more that we found, but at this point I’m just updating the list so that maybe someone else can work around the same thing we have. Thanks for the help! Peter On 7/25/16, 3:29 PM, "Rémy Maucherat" <r...@apache.org> wrote: >You are potentially changing two things at the same time here. You >were/are using boutycastle. If you also have tomcat-native installed, >Tomcat would try to use OpenSSL with JSSE. I don't have any idea how >that interacts with boutycastle, se we're probably not supporting it >(it is never tested, and now we provide OpenSSL over which we have some >control and basically does the same thing in a better way). --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org