Am Freitag, dem 11.03.2022 um 10:09 +0100 schrieb Torsten Krah:
> So it seems like a bug to me, right?
I had a quick look on the JNI SSLContext code + the native
implementation:
TCN_IMPLEMENT_CALL(jboolean, SSL, setCipherSuites)(TCN_STDARGS, jlong ssl,
jstring ciphers)
{
jboolean rv = JNI_TRUE;
SSL *ssl_ = J2P(ssl, SSL *);
TCN_ALLOC_CSTRING(ciphers);
UNREFERENCED_STDARGS;
if (ssl_ == NULL) {
TCN_FREE_CSTRING(ciphers);
tcn_ThrowException(e, "ssl is null");
return JNI_FALSE;
}
UNREFERENCED(o);
if (!J2S(ciphers)) {
TCN_FREE_CSTRING(ciphers);
return JNI_FALSE;
}
if (!SSL_set_cipher_list(ssl_, J2S(ciphers))) {
char err[256];
ERR_error_string(SSL_ERR_get(), err);
tcn_Throw(e, "Unable to configure permitted SSL ciphers (%s)", err);
rv = JNI_FALSE;
}
TCN_FREE_CSTRING(ciphers);
return rv;
}
and this one does really use SSL_set_cipher_list even for TLS 1.3 -
that won't work.
Can anyone confirm that? Should I open a bug here:
https://bz.apache.org/bugzilla/enter_bug.cgi
about that?
kind regards
Torsten
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
