On 18.12.25 at 12:18, Mark Thomas wrote:
On 18/12/2025 01:28, Rainer Jung wrote:
On 18.12.25 at 01:26, Rainer Jung wrote:
- the error "error:12800067:DSO support routines::could not load the
shared library" is shown, because "SSL_ERR_clear();" is missing
somewhere. If I add that in setCipherSuite, the SSL library error
thrown changes to "error:0A0000B9:SSL routines::no cipher match"
We should definitely add the call to SSL_ERR_clear()
- the error happens in the "if (maxProtoVer >= TLS1_3_VERSION) {" branch.
- the CipherSuite used is "!aNULL:!eNULL:!EXP:ALL" and
"!aNULL:!eNULL:!EXP:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA".
Where are those coming from? Have you modified the tests / Tomcat to use
different default ciphers?
No modification, except for debug output. I think the part
"!aNULL:!eNULL:!EXP:" comes from prefixing SSL_CIPHERS_ALWAYS_DISABLED
in case of "#ifndef HAVE_EXPORT_CIPHERS" in the tcnative code for
setCipherSuite(). I do not know where the ALL comes from. A couple of
classes underneath test/org/apache/tomcat/util/net/ use it, but not
obviously related to the failing test.
The second cipher suite might be an unrelated debug message from the
same native code triggered by
test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java,
which seems to use "HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5" (and
others). It seems it is not really related to a test failure.
Best regards,
Rainer
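
The two error strings quoted in this thread can be decoded to see which OpenSSL library queued each one: the first comes from the DSO library rather than libssl, which fits the explanation that it was left on the error queue by an earlier call. This is an added example, not tcnative code; it assumes the OpenSSL 3.x packed error code layout and library numbers from err.h, and the function names are made up for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* OpenSSL 3.x error code: bit 31 system flag, bits 23..30 library, bits 0..22 reason. */
#define LIB_OFFSET  23
#define LIB_MASK    0xFFul
#define REASON_MASK 0x7FFFFFul
#define SYSTEM_FLAG 0x80000000ul
#define LIB_SSL 20  /* ERR_LIB_SSL */
#define LIB_DSO 37  /* ERR_LIB_DSO */

/* Extract the hex code from "error:<hex>:<lib>:<func>:<reason>".
 * Returns 0 on success, -1 for other text or an errno-style (bit 31) code. */
static int parse_code(const char *line, unsigned long *code)
{
    char *end;
    if (line == NULL || strncmp(line, "error:", 6) != 0)
        return -1;
    *code = strtoul(line + 6, &end, 16);
    if (end == line + 6 || *end != ':' || *code >= SYSTEM_FLAG)
        return -1;
    return 0;
}

/* Library number that raised the error, or -1 if the line is not decodable. */
int ossl_err_lib(const char *line)
{
    unsigned long code;
    return parse_code(line, &code) ? -1 : (int)((code >> LIB_OFFSET) & LIB_MASK);
}

/* Reason number within that library, or -1 if the line is not decodable. */
int ossl_err_reason(const char *line)
{
    unsigned long code;
    return parse_code(line, &code) ? -1 : (int)(code & REASON_MASK);
}

int main(void)
{
    const char *seen[] = {   /* the two error strings quoted in the thread */
        "error:12800067:DSO support routines::could not load the shared library",
        "error:0A0000B9:SSL routines::no cipher match" };
    for (int i = 0; i < 2; i++)
        printf("lib=%d reason=%d%s\n", ossl_err_lib(seen[i]), ossl_err_reason(seen[i]),
               ossl_err_lib(seen[i]) == LIB_SSL ? "" : "  <- not raised by libssl");
    return 0;
}
```

A library number other than 20 is only a hint that an entry may be stale, since libssl calls can also queue errors from the libraries they use.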