https://issues.apache.org/bugzilla/show_bug.cgi?id=56780

--- Comment #11 from Mark Thomas <ma...@apache.org> ---
(In reply to Konstantin Kolinko from comment #10)
> > 3. Is it possible to try several names in turn in
> > "SSLContext.getInstance("TLS");" such as "TLS", "TLSv1.1" and "TLSv1.2"?

Workable but ugly and not future-proof for TLSv1.3 etc.

> Other ideas:
> A) Use JSSESocketFactory.defaultProtocol field here and allow it to be
> configured via a system property.

Yuck. I'm not a fan of system properties.

> B) Defer evaluation of DEFAULT_SERVER_PROTOCOLS until there is an SSLContext
> instance that can be used to evaluate it, created from user-provided
> protocol name.

I think this is possible. It looks as simple as moving the code from the static
initializer to the constructor and having the default per instance rather than at
the class level (which makes more sense for protocols and ciphers since they
may vary with connector configuration).

I'll take a look...

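Option B from the comment above, shown as an added example (not Tomcat's code and not part of the original message): the default server protocols are computed in the constructor from an SSLContext created with the configured protocol name, instead of once in a static initializer from a fixed "TLS" context. The class name `PerInstanceProtocolDefaults`, its method names, and the use of a server-mode `SSLEngine` to read the defaults are assumptions made for illustration.

```java
import java.security.GeneralSecurityException;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

/** Hypothetical class for illustration; not Tomcat's JSSESocketFactory. */
public class PerInstanceProtocolDefaults {

    // Per-instance default. A class-level constant filled in by a static
    // initializer could only ever reflect one hard-coded context name.
    private final String[] defaultServerProtocols;

    public PerInstanceProtocolDefaults(String sslProtocol)
            throws GeneralSecurityException {
        // Create the context from the protocol name this connector was
        // configured with, so the defaults follow that configuration.
        SSLContext context = SSLContext.getInstance(sslProtocol);
        // null arguments select the JVM's default key managers,
        // trust managers and random source.
        context.init(null, null, null);

        // Assumption: read the defaults from a server-mode engine, since
        // providers may enable different protocols for client and server.
        SSLEngine engine = context.createSSLEngine();
        engine.setUseClientMode(false);
        this.defaultServerProtocols = engine.getEnabledProtocols();
    }

    /** Returns a copy so callers cannot modify this instance's defaults. */
    public String[] getDefaultServerProtocols() {
        return defaultServerProtocols.clone();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Two connectors configured with different protocol names can end
        // up with different defaults, depending on the JSSE provider.
        for (String name : new String[] {"TLS", "TLSv1.2"}) {
            PerInstanceProtocolDefaults factory =
                    new PerInstanceProtocolDefaults(name);
            System.out.println(name + " -> "
                    + Arrays.toString(factory.getDefaultServerProtocols()));
        }
    }
}
```

The printed protocol lists depend on the JVM vendor and version, which is why the defaults are evaluated per instance rather than fixed at class load.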