https://bz.apache.org/bugzilla/show_bug.cgi?id=69800
--- Comment #3 from Remy Maucherat <[email protected]> ---
https://tls13.xargs.org/#client-hello/annotated

The client hello has info on the client supported groups, which is probably what we need. As a result, with TLS 1.3, it would be a good idea to use that. If there is more than one certificate, the current Tomcat code will always pick the RSA one with TLS 1.3.

So:
- Add group attribute to Certificate. It would get propagated to the SSLParameter.
- More importantly, extract the client supported groups from the client hello in TLSClientHelloExtractor.
- Change AbstractEndpoint.selectCertificate to use the client supported groups along with the group attribute of the certificate to select the right SSLContext when using TLS 1.3.

And that should probably work. Maybe there could be an even better way to do this.
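
The extraction and selection steps proposed in the comment above, sketched as an added example that is not part of the original comment and is not Tomcat code. The class `SupportedGroupsDemo`, the methods `supportedGroups` and `select`, the aliases `ec-p256` and `rsa`, and the sample ClientHello bytes are all assumptions made for illustration; it does not use Tomcat's `TLSClientHelloExtractor` or `AbstractEndpoint` APIs.

```java
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.util.*;

public class SupportedGroupsDemo {
    /** NamedGroup code points offered in a ClientHello record; empty if absent or malformed. */
    static List<Integer> supportedGroups(ByteBuffer in) {
        List<Integer> groups = new ArrayList<>();
        try {
            if (in.get() != 0x16) return groups;          // not a handshake record
            skip(in, 4);                                  // record version + record length
            if (in.get() != 0x01) return groups;          // not a ClientHello
            skip(in, 3 + 2 + 32);                         // handshake length, legacy_version, random
            skip(in, in.get() & 0xFF);                    // legacy_session_id
            skip(in, in.getShort() & 0xFFFF);             // cipher_suites
            skip(in, in.get() & 0xFF);                    // legacy_compression_methods
            int extEnd = (in.getShort() & 0xFFFF) + in.position();
            while (in.position() + 4 <= extEnd) {
                int type = in.getShort() & 0xFFFF, len = in.getShort() & 0xFFFF;
                if (in.position() + len > extEnd) break;  // extension overruns the extensions block
                if (type != 10) { skip(in, len); continue; } // 10 = supported_groups (RFC 8446, 4.2.7)
                int listLen = in.getShort() & 0xFFFF;
                if (listLen + 2 != len || listLen % 2 != 0) break; // inconsistent lengths
                for (int i = 0; i < listLen; i += 2) groups.add(in.getShort() & 0xFFFF);
                break;
            }
        } catch (BufferUnderflowException | IllegalArgumentException e) { groups.clear(); } // truncated
        return groups;
    }
    static void skip(ByteBuffer in, int n) { in.position(in.position() + n); }
    /** Hypothetical selection step: first certificate whose group the client offered, else fallback. */
    static String select(Map<String, Integer> certGroups, List<Integer> offered, String fallback) {
        for (Map.Entry<String, Integer> c : certGroups.entrySet())
            if (offered.contains(c.getValue())) return c.getKey();
        return fallback;
    }

    public static void main(String[] args) {
        // Constructed ClientHello: one cipher suite, supported_groups = x25519 (29), secp256r1 (23)
        ByteBuffer hello = ByteBuffer.allocate(62)
            .put((byte) 0x16).putShort((short) 0x0301).putShort((short) 57)   // record header
            .put((byte) 1).put((byte) 0).putShort((short) 53)                 // ClientHello, 3-byte length
            .putShort((short) 0x0303).put(new byte[32]).put((byte) 0)         // version, random, session id
            .putShort((short) 2).putShort((short) 0x1301).put((byte) 1).put((byte) 0) // suites, compression
            .putShort((short) 10).put(new byte[] {0, 10, 0, 6, 0, 4, 0, 29, 0, 23});  // extensions block
        List<Integer> offered = supportedGroups((ByteBuffer) hello.flip());
        System.out.println(offered + " -> " + select(Map.of("ec-p256", 23), offered, "rsa"));
    }
}
```

Every length field comes from the unauthenticated client, so the parser returns an empty list on any truncated or inconsistent hello and the selection falls back to the default certificate.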
