Mark,
On 1/19/22 05:00, Mark Thomas wrote:
On 18/01/2022 23:16, Christopher Schultz wrote:
All,
There are a bunch of parameters in SSLHostConfig which are
documented[1] to be "OpenSSL Only" and "JSSE only". I thought we made
it so either configuration could be used with either underlying crypto
engine. Is that not true? Or is it only true if you are using JSSE
with OpenSSL as the JSSE-provider??
You can configure TLS using JSSE style configuration or OpenSSL style
configuration. That configuration style choice is independent of
implementation.
So you can have any of:
- JSSE style config with NIO(2)+JSSE
- JSSE style config with NIO(2)+OpenSSL
- JSSE style config with APR/Native
- OpenSSL style config with NIO(2)+JSSE
- OpenSSL style config with NIO(2)+OpenSSL
- OpenSSL style config with APR/Native
What you can't do is mix JSSE configuration with OpenSSL configuration.
You have to pick a single configuration style.
To slightly complicate things, some configuration settings work with
JSSE or OpenSSL. What that means if you use a "JSSE only" setting then
you can't also use an "OpenSSL only" setting (and vice versa).
Thanks.
How can we adjust the documentation to make it clear that you can choose
either style of configuration, but that you have to be consistent?
Maybe two separate sections of the documentation with an introduction
saying "there are two styles of config: pick one" and then remove the
"JSSE Only" or "OpenSSL Only" notes on each?
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
