> It seems to me you are listing a cipher that might be correct > according to the OpenSSL documentation, but then whether that is > available to your JVM may be different.
That is for sure not the problem - just use the "ciphers.sh" from the binary directory of tomcat which will list you all possible ciphers you can use - and those match the ones I want to use. > > Maybe you can run some small java application on the very same JVM to > simply list the supported ciphers? At least that would give you an > authorative list of ciphers you can put into the configuration file. No need for that, tomcat already has that - use ciphers.sh . As Thomas found, it is a known bug / missing feature of tomcat - you can't configure TLS 1.3 ciphers in tomcat yet if you want to use the OpenSSL native implementation and Mark Thomas confirmed that here: https://lists.apache.org/thread/q8lmp40xkn0b4k4o6n05n9fyttlvmd22 That was 08/2019 - but it still is unsupported in 03/2022 - maybe I'll do a patch for that one ;). kind regards Torsten --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org