On Friday, 11.03.2022 at 10:09 +0100, Torsten Krah wrote:
> So it seems like a bug to me, right?

I had a quick look at the JNI SSLContext code + the native
implementation:

TCN_IMPLEMENT_CALL(jboolean, SSL, setCipherSuites)(TCN_STDARGS, jlong ssl,
                                                         jstring ciphers)
{
    jboolean rv = JNI_TRUE;
    SSL *ssl_ = J2P(ssl, SSL *);
    TCN_ALLOC_CSTRING(ciphers);

    UNREFERENCED_STDARGS;

    if (ssl_ == NULL) {
        TCN_FREE_CSTRING(ciphers);
        tcn_ThrowException(e, "ssl is null");
        return JNI_FALSE;
    }

    UNREFERENCED(o);
    if (!J2S(ciphers)) {
        TCN_FREE_CSTRING(ciphers);
        return JNI_FALSE;
    }
    if (!SSL_set_cipher_list(ssl_, J2S(ciphers))) {
        char err[256];
        ERR_error_string(SSL_ERR_get(), err);
        tcn_Throw(e, "Unable to configure permitted SSL ciphers (%s)", err);
        rv = JNI_FALSE;
    }
    TCN_FREE_CSTRING(ciphers);
    return rv;
}

and this one does really use SSL_set_cipher_list even for TLS 1.3 -
that won't work.

Can anyone confirm that? Should I open a bug here:

https://bz.apache.org/bugzilla/enter_bug.cgi

about that?

kind regards

Torsten
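
An added example, not part of the original message and not Tomcat Native code: it shows the OpenSSL behaviour discussed above through Python's ssl module, whose SSLContext.set_ciphers() wraps SSL_CTX_set_cipher_list(). It assumes Python is linked against OpenSSL 1.1.1 or later; the helper names and the cipher string "ECDHE+AESGCM" are chosen for illustration.

```python
import ssl


def tls13_suites(ctx):
    """Names of the TLS 1.3 cipher suites currently enabled on ctx."""
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] == "TLSv1.3"]


def legacy_suites(ctx):
    """Names of the enabled cipher suites for TLS 1.2 and earlier."""
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def restrict_with_cipher_list(cipher_string):
    """Apply an OpenSSL cipher-list string and report what actually changed.

    Returns (tls13_before, tls13_after, legacy_after).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    before = tls13_suites(ctx)
    # set_ciphers() calls SSL_CTX_set_cipher_list(), the context-level
    # counterpart of the SSL_set_cipher_list() call in the JNI code above.
    ctx.set_ciphers(cipher_string)
    return before, tls13_suites(ctx), legacy_suites(ctx)


if __name__ == "__main__":
    before, after, legacy = restrict_with_cipher_list("ECDHE+AESGCM")
    print("TLS 1.3 suites before:", before)
    print("TLS 1.3 suites after: ", after)   # same list: not touched
    print("TLS <= 1.2 suites:    ", legacy)  # narrowed to the cipher string
    # In the OpenSSL C API the TLS 1.3 list is configured separately, with
    # SSL_set_ciphersuites() / SSL_CTX_set_ciphersuites() (OpenSSL 1.1.1+).
```

To audit a server configured this way, compare the TLS 1.3 suites it negotiates with the configured cipher string; the cipher-list setting only constrains TLS 1.2 and earlier.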

