Am Freitag, dem 11.03.2022 um 10:09 +0100 schrieb Torsten Krah: > So it seems like a bug to me, right?
I had a quick look on the JNI SSLContext code + the native implementation: TCN_IMPLEMENT_CALL(jboolean, SSL, setCipherSuites)(TCN_STDARGS, jlong ssl, jstring ciphers) { jboolean rv = JNI_TRUE; SSL *ssl_ = J2P(ssl, SSL *); TCN_ALLOC_CSTRING(ciphers); UNREFERENCED_STDARGS; if (ssl_ == NULL) { TCN_FREE_CSTRING(ciphers); tcn_ThrowException(e, "ssl is null"); return JNI_FALSE; } UNREFERENCED(o); if (!J2S(ciphers)) { TCN_FREE_CSTRING(ciphers); return JNI_FALSE; } if (!SSL_set_cipher_list(ssl_, J2S(ciphers))) { char err[256]; ERR_error_string(SSL_ERR_get(), err); tcn_Throw(e, "Unable to configure permitted SSL ciphers (%s)", err); rv = JNI_FALSE; } TCN_FREE_CSTRING(ciphers); return rv; } and this one does really use SSL_set_cipher_list even for TLS 1.3 - that won't work. Can anyone confirm that? Should I open a bug here: https://bz.apache.org/bugzilla/enter_bug.cgi about that? kind regards Torsten --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org