On 30/08/2016 10:23, Kreuser, Peter wrote: > Hi all, > > I have compiled tcnative 1.2.8 with the new openssl 1.1.0 (ldd proves that it > is linked). I have set the cipher string to the newly supported ciphers: > > > ciphers="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128- > GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA- > AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:E > CDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-EC > DSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-S > HA:AES256-SHA:DES-CBC3-SHA:!DSS" > > However I cannot connect with eg. ECDHE-ECDSA-CHACHA20-POLY1305. testssl.sh > shows only the old ciphers from the plain openssl 1.0.2. > > Tomcat Version 8.5.4 > Java 1.8.0_102 > > Anything that I'm missing?
Without seeing the full Connector config, don't know. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org