tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rj...@apache.org>
Subject Re: svn commit: r1842656 - in /tomcat/trunk: java/org/apache/tomcat/util/compat/TLS.java java/org/apache/tomcat/util/net/SSLHostConfig.java webapps/docs/changelog.xml
Date Tue, 02 Oct 2018 21:43:50 GMT
Some remarks for this:

Am 02.10.2018 um 23:34 schrieb rjung@apache.org:
> Author: rjung
> Date: Tue Oct  2 21:34:11 2018
> New Revision: 1842656
> 
> URL: http://svn.apache.org/viewvc?rev=1842656&view=rev
> Log:
> Add TLSv1.3 to the default protocols and to the
> "all" alias for JSSE based TLS connectors when
> running on a JVM that supports TLS version 1.3.
> One such JVM is OpenJDK version 11.
> This line, and those below, will be ignored--

I tested it with OpenSSL 1.1.1 and with a curl build based on OpenSSL 
1.1.1. On the server with Java 11. It worked well and it doesn't seem to 
break older clients or older JVMs.

Testing with current Firefox and current Chrome fails, because both seem 
to implement a TLS 1.3 draft and thus must fail. Both are expected to 
implement the final 1.3 in the next version (Firefox 63, Chrome 70).

If I hear no objections, I plan to backport to 8.5.

Next I will look at Chris's 1.3 patch for the native connector.

Regards,

Rainer


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message