On 18/01/2022 23:16, Christopher Schultz wrote:
All,
There are a bunch of parameters in SSLHostConfig which are documented[1]
to be "OpenSSL Only" and "JSSE only". I thought we made it so either
configuration could be used with either underlying crypto engine. Is
that not true? Or is it only true if you are using JSSE with OpenSSL as
the JSSE-provider??
You can configure TLS using JSSE style configuration or OpenSSL style
configuration. That configuration style choice is independent of
implementation.
So you can have any of:
- JSSE style config with NIO(2)+JSSE
- JSSE style config with NIO(2)+OpenSSL
- JSSE style config with APR/Native
- OpenSSL style config with NIO(2)+JSSE
- OpenSSL style config with NIO(2)+OpenSSL
- OpenSSL style config with APR/Native
What you can't do is mix JSSE configuration with OpenSSL configuration.
You have to pick a single configuration style.
To slightly complicate things, some configuration settings work with
JSSE or OpenSSL. What that means if you use a "JSSE only" setting then
you can't also use an "OpenSSL only" setting (and vice versa).
HTH,
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
