tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: [OT] Ability to set cipher suites for websocket connections
Date Tue, 17 Jan 2017 19:32:07 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Mark,

On 1/17/17 8:39 AM, Mark Thomas wrote:
> On 17/01/2017 11:23, Michael Orr wrote:
>> Hi,
>> 
>> There is a user property
>> "org.apache.tomcat.websocket.SSL_PROTOCOLS" that you can use to
>> provide the list of permitted SSL protocols when connecting to a
>> websocket with WsWebSocketContainer.  I was expecting that there
>> would be a similar property to allow you to set the list of 
>> permitted SSL cipher suites as well.
>> 
>> I've checked the code (for version 7.0.73, and also 9.0.0.M15)
>> and there doesn't seem to be any mention of such an option.  I
>> can see it calling SSLEngine.setEnabledProtocols() but not 
>> SSLEngine.setEnabledCipherSuites().
>> 
>> Is there a particular reason why there is no 
>> "org.apache.tomcat.websocket.SSL_CIPHER_SUITES" property, or is
>> it simply an oversight?
> 
> No reason I can think of. Patches welcome :)

I'm curious: since the existing <Connector> (possibly) contains a TLS
configuration, why does Websocket specifically require a separate
configuration?

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIbBAEBCAAGBQJYfnE3AAoJEBzwKT+lPKRYwpoP+OgM+lcIrhZ8AO6Vxyx9CliL
GzwiFbgPgnCfpTnsLIT+0ZU+xQ2zg1RcCVOlKMTTRWRClioUf4+oDqGCm0BY2jAi
uAAAaDp1MXj4rNLb8sStJJmvQW0x3Mm6z4X8Pn9EZ1uR+9s21dHCpkbpxcKOu6z2
ZHNvQOwjgB0mpbj1/q9otfJx/sKZlozwOh4LJ7/vrask+vmRjsFK1rN0vjAXgo79
PLLsHWbXYHFKLKpMwEQnZ44LvtEl4FrYFZalN/R8FYMIOSBEx7MUxPOdq62U5w3p
O0Xelq0ijqT2pkrh4150Jt0Ff+3pkuUqL/MsXW+Gwfh6l/OdrQWN/ppEihy7VAbw
ytrv3V1lP3tewr8VJBWAfuz9wp+1bOmoRFDzsUrrsH4SPj0jrs0DTBBa8832dZa0
EWBlcU1qmr+QMzT4NjOSIg8JDzb13fB/ZxUWi3TldKTMaHggXvY0fxU098McDt+x
pOhCd0l6jHy0Z1H2+2Xlc7wroXwVYqdJjDFV6+MCiEhA2PNN6MQoVcHJffmvcsYW
84kKMIY9+IXGs8z6N/71v+3TB4PhXg0t0QcW+zzlyzZqRfMJGUsq/4FdVeeJ4s84
mxJ0cX1j96sUOs7nMaXBZ3uliIXQRwprMH0YebqGcMi8DZrrQ9r5vDjKzKsz7ZI8
UGcuzam6DjJqYKhryl0=
=IvJ1
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message