Chris, > Am 11.08.2021 um 16:40 schrieb Chris Strickland > <drivenbyvis...@yahoo.com.invalid>: > > > Anyone happen to know where in the server.xml file the attributes go for > clientAuth and sslEnabledProtocols?
They goes in "protocols" and "certificateVerification" attributes of SSLHostConfig. Like this: <SSLHostConfig hostName="${hostname}" honorCipherOrder="true" certificateVerification="none" certificateRevocationListFile="${catalina.base}/conf/ssl/ca-bundle-client.crl" truststoreFile="${catalina.base}/conf/ssl/cacerts.jks" truststorePassword="changeit" protocols="TLSv1.2+TLSv1.3" ciphers="TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS"> <Certificate certificateKeystoreFile="${catalina.base}/conf/ssl/mycert_ecc.p12" certificateKeystorePassword="xxx" certificateKeyAlias="server_ecc" type="EC" /> <Certificate certificateKeystoreFile="${catalina.base}/conf/ssl/mycert.p12" certificateKeystorePassword="xxx" certificateKeyAlias="server" type="RSA" /> </SSLHostConfig> > I'm running Tomcat 10. Seems like I tried putting them under everything > (Connector, SSLHostConfig, Certificate) but still get the warning in the > logs: failed to set property. > Thanks,Chris On Thursday, August 5, 2021, 03:37:54 PM EDT, Peter Kreuser > <l...@kreuser.name> wrote: > > Chris, > >> Am 05.08.2021 um 18:32 schrieb Rob Sargent <rsarg...@xmission.com>: >> >> >>> Caused by: java.lang.IllegalArgumentException: No SSLHostConfig >>> element was found with the hostName [_default_] to match the >>> defaultSSLHostConfigName for the connector [https-jsse-nio-9443] >>> >> > > The ssl-Options are not attributes on the connector, but the SSLHostConfig > > http://tomcat.apache.org/tomcat-10.0-doc/config/http.html#Common_Attributes > > http://tomcat.apache.org/tomcat-10.0-doc/config/http.html#SSL_Support > > Peter > >> Isn’t that the real issue? >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >>