Posted to dev@tomcat.apache.org by ma...@apache.org on 2016/03/31 10:53:38 UTC

svn commit: r1737198 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/coyote/http2/Http2UpgradeHandler.java webapps/docs/changelog.xml

Author: markt
Date: Thu Mar 31 08:53:38 2016
New Revision: 1737198

URL: http://svn.apache.org/viewvc?rev=1737198&view=rev
Log:
honorCipherOrder default has been changed to false

Modified:
    tomcat/tc8.5.x/trunk/   (props changed)
    tomcat/tc8.5.x/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java
    tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.5.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Mar 31 08:53:38 2016
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112
+/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117

Modified: tomcat/tc8.5.x/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java
URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java?rev=1737198&r1=1737197&r2=1737198&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java (original)
+++ tomcat/tc8.5.x/trunk/java/org/apache/coyote/http2/Http2UpgradeHandler.java Thu Mar 31 08:53:38 2016
@@ -66,8 +66,6 @@ import org.apache.tomcat.util.res.String
  * <br>
  * Note:
  * <ul>
- * <li>Tomcat needs to be configured with honorCipherOrder="false" otherwise
- *     Tomcat will prefer a cipher suite that is blacklisted by HTTP/2.</li>
  * <li>You will need to nest an &lt;UpgradeProtocol
  *     className="org.apache.coyote.http2.Http2Protocol" /&gt; element inside
  *     a TLS enabled Connector element in server.xml to enable HTTP/2 support.
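Review bot: Dropping the whole `<li>` about honorCipherOrder in this Javadoc list leaves nothing for deployments that set honorCipherOrder="true" explicitly. The removed text said that in that case "Tomcat will prefer a cipher suite that is blacklisted by HTTP/2", and a changed default does not alter that for an explicit setting. Consider keeping a shortened item, for example that honorCipherOrder="true" may lead Tomcat to prefer a cipher suite blacklisted by HTTP/2, so the constraint stays documented next to the UpgradeProtocol instructions.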

Modified: tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml?rev=1737198&r1=1737197&r2=1737198&view=diff
==============================================================================
--- tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Thu Mar 31 08:53:38 2016
@@ -81,6 +81,12 @@
       <fix>
         Align cipher configuration parsing with current OpenSSL master. (markt)
       </fix>
+      <update>
+        Change the default for <code>honorCipherOrder</code> to
+        <code>false</code>. With the current default TLS configuration, it is no
+        longer necessary for this to be <code>true</code> for a reasonably
+        secure configuration. (markt)
+      </update>
     </changelog>
   </subsection>
   <subsection name="WebSocket">
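Review bot: The new `<update>` entry justifies the default with "a reasonably secure configuration" but never mentions the HTTP/2 interaction that the Javadoc hunk in this same commit was about, and it does not say what an administrator who relies on server-side cipher ordering should do. Suggest adding that the old value caused Tomcat to prefer a cipher suite blacklisted by HTTP/2, and that anyone who needs the server's order enforced must now set `honorCipherOrder` explicitly. Also, none of the hunks in this mail touch the default itself (only a Javadoc comment, the changelog and svn:mergeinfo change), so it would help for the log message or the entry to name the revision that carries the code change.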


