Hi Mark or Chris,

Based on Chris's statement, it has to be addressed in Tomcat. Can I raise a bug in Bugzilla for this observation?

Regards,
Natraj

-----Original Message-----
From: Christopher Schultz <ch...@christopherschultz.net>
Sent: Monday, October 18, 2021 10:14 PM
To: users@tomcat.apache.org
Subject: Re: Restriction of TLS version in HTTP2 over HTTPS with OpenSSL

Natraj,

On 10/18/21 01:19, Natraj Thekkan wrote:
> @Mark
> Thanks for your response.
>
> We have tested by removing that line of code; the client is still able to establish
> the connection with the server using TLSv1 and TLSv1.1. The following is configured
> in the java.security file.
>
> jdk.tls.disabledAlgorithms=SSLv3,TLSv1,TLSv1.1,RC4,MD5withRSA,ADH,DH,DHE,
> DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
> include jdk.disabled.namedCurves

Note that OpenSSL will ignore the jdk.tls.disabledAlgorithms setting.

Mark (and others), maybe we should take jdk.tls.disabledAlgorithms into account when configuring OpenSSL through JSSE, since a user might expect that all JSSE providers will respect that setting.

-chris
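An audit helper for the gap discussed in this thread, added here as an example and not taken from the thread or from Tomcat: it reads jdk.tls.disabledAlgorithms from java.security text and reports protocol versions the JDK setting disables but an OpenSSL-backed connector still enables. The function names, the sample file text and the connector protocol list are constructed assumptions; the connector list is whatever the reader has explicitly enabled on their own connector.

```python
# Added example: OpenSSL ignores jdk.tls.disabledAlgorithms, so compare the
# JDK's disabled protocol list with what the OpenSSL connector enables.

# Protocol names as JSSE spells them, oldest first.
KNOWN_PROTOCOLS = ["SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

# Constructed sample: the value quoted in the thread, laid out as java.security text.
SAMPLE_JAVA_SECURITY = """\
# constructed excerpt
jdk.tls.disabledAlgorithms=SSLv3,TLSv1,TLSv1.1,RC4,MD5withRSA,ADH,DH,DHE, \\
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \\
    include jdk.disabled.namedCurves
"""

# Constructed sample: protocols enabled on a hypothetical OpenSSL-backed connector.
SAMPLE_CONNECTOR_PROTOCOLS = ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]


def logical_lines(text):
    """Yield property lines with backslash continuations joined, comments skipped."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):
            buf += line[:-1]          # drop the backslash, keep reading
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf


def disabled_protocols(security_text):
    """Protocol versions named in jdk.tls.disabledAlgorithms (last definition wins)."""
    tokens = []
    for line in logical_lines(security_text):
        name, sep, value = line.partition("=")
        if sep and name.strip() == "jdk.tls.disabledAlgorithms":
            tokens = [t.strip() for t in value.split(",")]
    # Exact token match, so "TLSv1" does not also match "TLSv1.1".
    return [p for p in KNOWN_PROTOCOLS if p in tokens]


def openssl_gap(security_text, connector_protocols):
    """Protocols the JDK disables that the connector still enables explicitly."""
    enabled = set(connector_protocols)
    return [p for p in disabled_protocols(security_text) if p in enabled]


if __name__ == "__main__":
    print(openssl_gap(SAMPLE_JAVA_SECURITY, SAMPLE_CONNECTOR_PROTOCOLS))
```

Any protocol this reports has to be removed in the connector's own TLS configuration, since the JDK property alone does not reach OpenSSL.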