tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 62748] Add support for TLS 1.3 (RFC 8446)
Date Tue, 09 Oct 2018 21:01:53 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=62748

--- Comment #18 from Christopher Schultz <chris@christopherschultz.net> ---
When using my ssltest tool[1] with OpenJDK 11, I get the following output when
configured with protocols="TLSv1.2+TLSv1.3":

Host [localhost] resolves to addresses [127.0.0.1], [0:0:0:0:0:0:0:1]
Auto-detected client-supported protocols: [DTLSv1.0, DTLSv1.2, SSLv3, TLSv1,
TLSv1.1, TLSv1.2, TLSv1.3]
Testing server localhost:8443
Supported Protocol Cipher
 Accepted  TLSv1.2 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
 Accepted  TLSv1.2 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
 Accepted  TLSv1.2 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
 Accepted  TLSv1.2 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
 Accepted  TLSv1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
 Accepted  TLSv1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
 Accepted  TLSv1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
 Accepted  TLSv1.2 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
 Accepted  TLSv1.2 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
 Accepted  TLSv1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 Accepted  TLSv1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
 Accepted  TLSv1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 Accepted  TLSv1.3 TLS_AES_128_GCM_SHA256
 Accepted  TLSv1.3 TLS_AES_256_GCM_SHA384
Given this client's capabilities ([DTLSv1.0, DTLSv1.2, SSLv3, TLSv1, TLSv1.1,
TLSv1.2, TLSv1.3]), the server prefers protocol=TLSv1.3,
cipher=TLS_AES_128_GCM_SHA256

Note that ssltest only performs a TLS handshake and does not attempt to
communicate using HTTP over that connection.

[1] https://github.com/ChristopherSchultz/ssltest

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message