tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: [OT] Ability to set cipher suites for websocket connections
Date Tue, 17 Jan 2017 22:49:21 GMT

Mark,

On 1/17/17 2:53 PM, Mark Thomas wrote:
> On 17/01/2017 19:32, Christopher Schultz wrote:
>> Mark,
>> 
>> On 1/17/17 8:39 AM, Mark Thomas wrote:
>>> On 17/01/2017 11:23, Michael Orr wrote:
>>>> Hi,
>>>> 
>>>> There is a user property 
>>>> "org.apache.tomcat.websocket.SSL_PROTOCOLS" that you can use
>>>> to provide the list of permitted SSL protocols when
>>>> connecting to a websocket with WsWebSocketContainer.  I was
>>>> expecting that there would be a similar property to allow you
>>>> to set the list of permitted SSL cipher suites as well.
>>>> 
>>>> I've checked the code (for version 7.0.73, and also
>>>> 9.0.0.M15) and there doesn't seem to be any mention of such
>>>> an option.  I can see it calling
>>>> SSLEngine.setEnabledProtocols() but not 
>>>> SSLEngine.setEnabledCipherSuites().
>>>> 
>>>> Is there a particular reason why there is no 
>>>> "org.apache.tomcat.websocket.SSL_CIPHER_SUITES" property, or
>>>> is it simply an oversight?
>> 
>>> No reason I can think of. Patches welcome :)
>> 
>> I'm curious: since the existing <Connector> (possibly) contains a
>> TLS configuration, why does Websocket specifically require a
>> separate configuration?
> 
> This is for the WebSocket client, not the server.

Hah... of course. *duh*

-chris
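The gap discussed in this thread, shown as an added example in plain JSSE (it is not part of the original message and not Tomcat's code): a client `SSLEngine` restricted only through `setEnabledProtocols()` keeps the JVM's default cipher suites until `setEnabledCipherSuites()` is also called. The handling of `org.apache.tomcat.websocket.SSL_CIPHER_SUITES`, the comma-separated value format, and the class and method names are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class WsClientTlsProps {
    // Property name quoted in the thread.
    static final String SSL_PROTOCOLS = "org.apache.tomcat.websocket.SSL_PROTOCOLS";
    // Property name proposed in the thread; its handling here is hypothetical.
    static final String SSL_CIPHER_SUITES = "org.apache.tomcat.websocket.SSL_CIPHER_SUITES";

    // Split a comma-separated value (assumed format) and keep only names the
    // engine supports; fail closed if nothing usable remains.
    static String[] select(String csv, String[] supported) {
        List<String> known = Arrays.asList(supported);
        List<String> chosen = new ArrayList<>();
        for (String name : csv.split(",")) {
            if (known.contains(name.trim())) chosen.add(name.trim());
        }
        if (chosen.isEmpty()) throw new IllegalArgumentException("No supported value in: " + csv);
        return chosen.toArray(new String[0]);
    }

    // Build a client-mode engine and apply whichever user properties are present.
    static SSLEngine configure(Map<String, Object> userProps) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(true);
        String protocols = (String) userProps.get(SSL_PROTOCOLS);
        if (protocols != null) engine.setEnabledProtocols(select(protocols, engine.getSupportedProtocols()));
        String suites = (String) userProps.get(SSL_CIPHER_SUITES);
        if (suites != null) engine.setEnabledCipherSuites(select(suites, engine.getSupportedCipherSuites()));
        return engine;
    }

    public static void main(String[] args) throws Exception {
        Map<String, Object> props = new HashMap<>();
        props.put(SSL_PROTOCOLS, "TLSv1.2"); // constructed sample value
        SSLEngine e = configure(props);
        System.out.println("protocols=" + Arrays.toString(e.getEnabledProtocols())
                + " suites still enabled=" + e.getEnabledCipherSuites().length);
        // Constructed sample value: two standard JSSE suite names.
        props.put(SSL_CIPHER_SUITES,
                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
        e = configure(props);
        System.out.println("suites=" + Arrays.toString(e.getEnabledCipherSuites()));
    }
}
```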
