Chris,
> On 11.08.2021 at 16:40, Chris Strickland
> <[email protected]> wrote:
>
>
> Anyone happen to know where in the server.xml file the attributes go for
> clientAuth and sslEnabledProtocols?
They go in the "protocols" and "certificateVerification" attributes of
SSLHostConfig.
Like this:
    <SSLHostConfig
        hostName="${hostname}"
        honorCipherOrder="true"
        certificateVerification="none"
        certificateRevocationListFile="${catalina.base}/conf/ssl/ca-bundle-client.crl"
        truststoreFile="${catalina.base}/conf/ssl/cacerts.jks"
        truststorePassword="changeit"
        protocols="TLSv1.2+TLSv1.3"
        ciphers="TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS">
        <Certificate
            certificateKeystoreFile="${catalina.base}/conf/ssl/mycert_ecc.p12"
            certificateKeystorePassword="xxx"
            certificateKeyAlias="server_ecc"
            type="EC" />
        <Certificate
            certificateKeystoreFile="${catalina.base}/conf/ssl/mycert.p12"
            certificateKeystorePassword="xxx"
            certificateKeyAlias="server"
            type="RSA" />
    </SSLHostConfig>
> I'm running Tomcat 10. Seems like I tried putting them under everything
> (Connector, SSLHostConfig, Certificate) but still get the warning in the
> logs: failed to set property.
> Thanks,
> Chris
>
> On Thursday, August 5, 2021, 03:37:54 PM EDT, Peter Kreuser
> <[email protected]> wrote:
>
> Chris,
>
>> On 05.08.2021 at 18:32, Rob Sargent <[email protected]> wrote:
>>
>>
>>> Caused by: java.lang.IllegalArgumentException: No SSLHostConfig
>>> element was found with the hostName [_default_] to match the
>>> defaultSSLHostConfigName for the connector [https-jsse-nio-9443]
>>>
>>
>
> The ssl-Options are not attributes on the connector, but the SSLHostConfig
>
> http://tomcat.apache.org/tomcat-10.0-doc/config/http.html#Common_Attributes
>
> http://tomcat.apache.org/tomcat-10.0-doc/config/http.html#SSL_Support
>
> Peter
>
>> Isn’t that the real issue?
>>
>>
>>
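
A small pre-deployment check for the two problems discussed in this thread, added here as an example and not code from the posters or from the Tomcat project: it flags TLS attributes left on the Connector and names the SSLHostConfig or Certificate attribute that replaces them, and it reports a TLS Connector with no SSLHostConfig matching defaultSSLHostConfigName. The function name, the finding labels and both sample documents are constructed for illustration; the mapping covers only a handful of the moved attributes.

```python
import xml.etree.ElementTree as ET

# Old Connector-level TLS attributes -> (element, attribute) that replaces them.
MOVED = {
    "clientAuth": ("SSLHostConfig", "certificateVerification"),
    "sslEnabledProtocols": ("SSLHostConfig", "protocols"),
    "keystoreFile": ("Certificate", "certificateKeystoreFile"),
    "keystorePass": ("Certificate", "certificateKeystorePassword"),
    "keyAlias": ("Certificate", "certificateKeyAlias"),
}
# Old clientAuth values and the certificateVerification value with the same meaning.
CLIENT_AUTH = {"true": "required", "want": "optional", "false": "none"}

def lint_server_xml(text):
    """Return (port, kind, detail) findings for each Connector in server.xml."""
    findings = []
    for conn in ET.fromstring(text).iter("Connector"):
        port = conn.get("port", "?")
        for old, (elem, new) in MOVED.items():
            if old in conn.attrib:
                hint = f"{old} -> {elem} {new}"
                if old == "clientAuth":
                    hint += "=" + CLIENT_AUTH.get(conn.get(old).lower(), "?")
                findings.append((port, "moved", hint))
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        # Both names default to _default_; compared case-insensitively here.
        default = conn.get("defaultSSLHostConfigName", "_default_").lower()
        hosts = [h.get("hostName", "_default_").lower()
                 for h in conn.findall("SSLHostConfig")]
        if default in hosts:
            continue
        if any("${" in h for h in hosts):
            # A ${...} property is only resolved at startup; it cannot be checked here.
            findings.append((port, "unresolved", "hostName set from a property"))
        else:
            findings.append((port, "no-default-host",
                             f"no SSLHostConfig with hostName {default}"))
    return findings

# Constructed samples: the old attribute placement and the corrected one.
LEGACY = """<Server><Service name="Catalina">
  <Connector port="9443" SSLEnabled="true" clientAuth="false"
             sslEnabledProtocols="TLSv1.2,TLSv1.3"/>
</Service></Server>"""
FIXED = """<Server><Service name="Catalina">
  <Connector port="9443" SSLEnabled="true">
    <SSLHostConfig certificateVerification="none" protocols="TLSv1.2+TLSv1.3"/>
  </Connector>
</Service></Server>"""

if __name__ == "__main__":
    for name, doc in (("legacy", LEGACY), ("fixed", FIXED)):
        print(name, lint_server_xml(doc))
```

An "unresolved" finding means the SSLHostConfig hostName comes from a `${...}` property, so its startup value has to be compared with defaultSSLHostConfigName by hand.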