https://issues.apache.org/bugzilla/show_bug.cgi?id=53952
--- Comment #6 from Christopher Schultz <ch...@christopherschultz.net> ---

I like this patch, but since security is involved, I think I'd like to see a check in the Java code against the (likely) tcnative version that can support TLSv1.1 and TLSv1.2. We don't want people using "TLSv1+TLSv1.1+TLSv1.2" as their protocol string and thinking that they can get access to TLSv1.2 if tcnative isn't up to the task.

Similarly, there should probably be a check at the JNI level to check to see that the underlying OpenSSL supports TLSv1.1 or TLSv1.2 when attempting to use them.

The existing patch will allow a user to request "TLSv1+TLSv1.1+TLSv1.2" and silently implement only TLSv1.

Java code can check org.apache.tomcat.jni.Library.TCN_MAJOR_VERSION, etc. and the C code can use #ifdef checks.
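
An added example, not part of the bug comment or of Tomcat's code: a fail-closed form of the Java-side check suggested above, which refuses the whole protocol string instead of silently enabling only TLSv1. The class name, the version arguments (which in Tomcat would come from `org.apache.tomcat.jni.Library.TCN_MAJOR_VERSION` and its companion fields) and the minimum version `9.9.9` are assumptions; the last is a placeholder, since the thread does not give the real value.

```java
import java.util.ArrayList;
import java.util.List;

public class ProtocolCheck {
    // PLACEHOLDER minimum tcnative version for TLSv1.1/TLSv1.2; the thread
    // does not state the real value, so substitute it before use.
    static final int[] MIN_TLS11_12 = {9, 9, 9};

    // True when version a (major, minor, patch) is at least version b.
    static boolean atLeast(int[] a, int[] b) {
        for (int i = 0; i < 3; i++) {
            if (a[i] != b[i]) return a[i] > b[i];
        }
        return true;
    }

    // Splits a "+"-separated protocol string and rejects the whole request if
    // any token is unknown or unsupported (only the comment's three names).
    static List<String> resolve(String requested, int[] tcn) {
        List<String> enabled = new ArrayList<>();
        for (String token : requested.split("\\+")) {
            String p = token.trim();
            switch (p) {
                case "TLSv1":
                    break;
                case "TLSv1.1":
                case "TLSv1.2":
                    if (!atLeast(tcn, MIN_TLS11_12)) {
                        throw new IllegalStateException(p + " requested but tcnative "
                                + tcn[0] + "." + tcn[1] + "." + tcn[2] + " lacks it");
                    }
                    break;
                default:
                    throw new IllegalArgumentException("Unknown protocol: " + p);
            }
            enabled.add(p);
        }
        return enabled;
    }

    public static void main(String[] args) {
        String request = "TLSv1+TLSv1.1+TLSv1.2";
        System.out.println(resolve(request, new int[] {9, 9, 9}));
        try {
            resolve(request, new int[] {1, 0, 0}); // constructed too-old version
        } catch (IllegalStateException e) {
            System.out.println("Refused: " + e.getMessage());
        }
    }
}
```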