Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Jetty intermediate/old configs for TLSv1.3-only clients #226

Merged
merged 2 commits into from
Oct 8, 2024
Merged

Fix Jetty intermediate/old configs for TLSv1.3-only clients #226

merged 2 commits into from
Oct 8, 2024

Conversation

janbrasna
Copy link
Collaborator

@janbrasna janbrasna commented Jan 5, 2024
edited
Loading

Fixes #154

With any output.ciphers present, for TLSv1.3 to work also the output.cipherSuites have to be provided for TLSv1.3 handshakes not to fail (i.e. when IncludeCipherSuites defined, also the TLSv1.3 compatible suites as defined in RFC 8446 have to be explicitly set, or TLSv1.3-only clients won't be able to connect).

Fixes intermediate and old configs.

Support for *_CHACHA20_POLY1305_* was added in 11.0.13 JDK-8140466 but since it was not addressed for TLSv12 suites before, I haven't added anything mentioning the JSSE support for TLSv13 either — if that errors out for someone running older revisions, feel free to open separate issue for that; however we're not comparing such versions in the logic here, so it may only warrant a config comment of sorts…

janbrasna added a commit to janbrasna/ssl-config-generator that referenced this pull request Jan 6, 2024
@janbrasna
Explicitly set tls13 suites in Tomcat when tls12 ciphers defined
9347789 
Fixes mozilla/server-side-tls#280 (similar to mozilla#226)
@janbrasna janbrasna added bug Something isn't working compatibility Warnings, deprecations or incompatibilities to tackle P1 Priority: 1 S2 Severity: 2 labels Oct 8, 2024
@janbrasna janbrasna changed the title Fix Jetty TLSv1.3 IncludeCipherSuites Fix Jetty intermediate/old configs for TLSv1.3-only clients Oct 8, 2024
@gstrauss gstrauss self-requested a review October 8, 2024 17:09
@gstrauss gstrauss merged commit 79d7131 into mozilla:master Oct 8, 2024
3 checks passed
@janbrasna janbrasna deleted the fix/jetty-tls13-ciphersuites branch October 8, 2024 18:04
@janbrasna janbrasna mentioned this pull request Oct 8, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gstrauss gstrauss gstrauss approved these changes

Assignees
No one assigned
Labels
bug Something isn't working compatibility Warnings, deprecations or incompatibilities to tackle P1 Priority: 1 S2 Severity: 2
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Jetty TLS 1.3 CipherSuites
2 participants
@janbrasna @gstrauss