Mark,
On 10/19/21 04:17, Mark Thomas wrote:
On 19/10/2021 06:20, Natraj Thekkan wrote:
Hi Mark or Chris,
Based on Chris statement, it has to be addressed in tomcat.
No, you has misunderstood Chris's statement.
+1
I was suggesting a related beehavior in Tomcat that would not affect the
behavior OP is reporting, here.
All the evidence so far points to user error.
+1
-chris
-----Original Message-----
From: Christopher Schultz <ch...@christopherschultz.net>
Sent: Monday, October 18, 2021 10:14 PM
To: users@tomcat.apache.org
Subject: Re: Restriction of TLS version in HTTP2 over HTTPS with OpenSSL
Natraj,
On 10/18/21 01:19, Natraj Thekkan wrote:
@Mark
Thanks for your response.
We have tested by removing that line of code, still client able to
establish the connection with server using TLSv1 and TLSv1.1. Below
one is configured in java.security file.
jdk.tls.disabledAlgorithms=SSLv3,TLSv1,TLSv1.1,RC4,MD5withRSA,ADH,DH,DHE,
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves
Note that OpenSSL will ignore the jdk.tls.disabledAlgorithms setting.
Mark (and others), maybe we should take jdk.tls.disabledAlgorithms
into account when configuring OpenSSL through JSSE, since a user might
expect that all JSSE providers will respect that setting.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org