Hello Bradle, > -----Ursprüngliche Nachricht----- > Von: Brandie Nickey-External <brandie.nic...@regeneron.com.INVALID> > Gesendet: Donnerstag, 10. August 2023 18:20 > An: Tomcat Users List <users@tomcat.apache.org> > Betreff: RE: Tomcat 10.1 -- Precedence of catalina.sh jvm Options vs > server.xml > options > > Hi all, > > Spying on this thread and have a little confusion. For me tomcat is running > on a > windows server and I wasn't able to find a Catalina.sh. I do have a > Catalina.bat > though....does anyone know if this is supposed to be the equivalent to the .sh > file , just for Windows? > > Thanks, > Brandie
In general, yes. Just replace .sh with .bat on windows and you are good to go. > > Regeneron - Internal Use Only > > -----Original Message----- > From: SCHWING, CHUCK <cs3...@att.com> > Sent: Thursday, August 10, 2023 4:59 AM > To: Tomcat Users List <users@tomcat.apache.org> > Subject: [External] RE: Tomcat 10.1 -- Precedence of catalina.sh jvm Options > vs > server.xml options > > EXTERNAL MESSAGE > ________________________________________________________________ > _ > > > > > EXTERNAL MESSAGE > > > > > Chris -- > > Many thanks for the clarification. I missed the "client" in the > jdk.tls.client.protocols jvm arg. > > Regards, > --ccs > > -----Original Message----- > From: Christopher Schultz <ch...@christopherschultz.net> > Sent: Thursday, August 10, 2023 2:04 AM > To: users@tomcat.apache.org > Subject: Re: Tomcat 10.1 -- Precedence of catalina.sh jvm Options vs > server.xml > options > > Chuck, > > On 8/9/23 13:58, SCHWING, CHUCK wrote: > > I've looked for the answer to this online and maybe I didn't read closely > enough. > > I'm running tomcat 10.1 with JDK17.0.6 and have defined a jvm startup option > of "-Djdk.tls.client.protocols=TLSv1.2" in my copy of catalina.sh and the same > TLS version is defined in my server.xml in my SSLHostConfig: > > sslProtocol="TLS" > > protocols="TLSv1.2" > > > > My question is: What's the precedence in play? Does catalina.sh override > server.xml or is it the other way around? > > > > We need to migrate to TLS1.3 and we're wondering how best to configure > Tomcat 10 so support TLS1.2 and TLS1.3 while we're migrating. > > The system property you have shown above does not affect the behavior of > Tomcat at all. This system property affects Java's built-in TLS *client* when > making /outgoing/ connections. > > If you specify "TLSv1.2" and no other protocols, then you will not enable > TLSv1.3. You should specify: > > protocols="TLSv1.3, TLSv1.2" > > in your <SSLHostConfig> in order to enable TLSv1.3 and also accept TLSv1.2. > Note that for TLSv1.3 there are other requirements, specifically a JVM with > support if using JSSE or an OpenSSL implementation with support if using > OpenSSL. > > -chris > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > **************************************************************** > **** > This e-mail and any attachment hereto, is intended only for use by the > addressee(s) named above and may contain legally privileged and/or > confidential information. If you are not the intended recipient of this > e-mail, > any dissemination, distribution or copying of this email, or any attachment > hereto, is strictly prohibited. If you receive this email in error please > immediately notify me by return electronic mail and permanently delete this > email and any attachment hereto, any copy of this e-mail and of any such > attachment, and any printout thereof. Finally, please note that only > authorized > representatives of Regeneron Pharmaceuticals, Inc. have the power and > authority to enter into business dealings with any third party. > **************************************************************** > **** > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org