Posted to dev@tomcat.apache.org by re...@apache.org on 2022/04/05 18:59:53 UTC

[tomcat] branch main updated: Skip setting TLS 1.3 ciphers with the defaults

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 3cb24e6780 Skip setting TLS 1.3 ciphers with the defaults
3cb24e6780 is described below

commit 3cb24e67801ee18c79a7972b5c995d26bcfeb1dc
Author: remm <re...@apache.org>
AuthorDate: Tue Apr 5 20:59:39 2022 +0200

    Skip setting TLS 1.3 ciphers with the defaults
---
 modules/openssl-java17/pom.xml                                          | 2 +-
 .../java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/openssl-java17/pom.xml b/modules/openssl-java17/pom.xml
index f0049451de..09e239ae89 100644
--- a/modules/openssl-java17/pom.xml
+++ b/modules/openssl-java17/pom.xml
@@ -31,7 +31,7 @@
     <version>0.1-SNAPSHOT</version>
 
     <properties>
-        <tomcat.version>9.0.60</tomcat.version>
+        <tomcat.version>9.0.62</tomcat.version>
         <project.build.outputTimestamp>2021-12-02T12:00:00Z</project.build.outputTimestamp>
     </properties>
 
diff --git a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 66942b8d8a..ee2ab2f9d1 100644
--- a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -569,7 +569,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
                     log.warn(sm.getString("engine.failedCipherList", sslHostConfig.getCiphers()));
                 }
             }
-            if (maxTlsVersion >= TLS1_3_VERSION()) {
+            if (maxTlsVersion >= TLS1_3_VERSION() && (sslHostConfig.getCiphers() != SSLHostConfig.DEFAULT_TLS_CIPHERS)) {
                 if (SSL_CTX_set_ciphersuites(state.sslCtx, CLinker.toCString(sslHostConfig.getCiphers(), state.contextScope)) <= 0) {
                     log.warn(sm.getString("engine.failedCipherSuite", sslHostConfig.getCiphers()));
                 }
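Review bot: The added condition on the `maxTlsVersion >= TLS1_3_VERSION()` line compares strings with `!=`, which is a reference comparison in Java, so `SSL_CTX_set_ciphersuites` is skipped only when `getCiphers()` returns the very same `SSLHostConfig.DEFAULT_TLS_CIPHERS` object. If that is meant as an "unset" sentinel, a comment such as `// identity check on purpose: only the untouched default skips TLS 1.3 suite setup` would keep a later cleanup from changing it to `equals()`. If it is not, `!SSLHostConfig.DEFAULT_TLS_CIPHERS.equals(sslHostConfig.getCiphers())` is the safer form. When the call is skipped, the TLS 1.3 suites presumably stay at the OpenSSL library defaults, which is worth stating in that comment for anyone auditing the effective cipher configuration. The enclosing method starts and ends outside the hunk.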

