Tomcat 9 and Tomcat 10 cipherSuites compatibility configuration when using TLS 1.3
search cancel

Tomcat 9 and Tomcat 10 cipherSuites compatibility configuration when using TLS 1.3

book

Article ID: 442005

calendar_today

Updated On:

Products

Endevor Support Only for Apache Tomcat

Issue/Introduction

When using TLS 1.3 and need to migrate from TOMCAT 9 to TOMCAT10, will the cipherSuites configuration from the Tomcat 9 work on Tomcat 10?

Environment

  • Endevor Web Services
  • Apache Tomcat 9 (CCS Tomcat)
  • Apache Tomcat 10 (CCS Tomcat)
  • TLS 1.3

Resolution

It is important to note that the Web Service supports both Tomcat 9 and Tomcat 10 (see CCS Apache Tomcat Compatibility).

When using TLS 1.3, whether the cipherSuites configuration from Tomcat 9 will work on Tomcat 10 depends on how the SSL configuration is defined in Tomcat 9.

The SSL configuration approach changed between Tomcat versions:

  • In Tomcat 9, SSL attributes can be defined directly in the Connector block.
  • In Tomcat 10, SSL configuration must be defined in the SSLHostConfig block inside the Connector.

If cipherSuites is configured in the SSLHostConfig block, the configuration is supported in both Tomcats. However, other parameters and statements have changed in Tomcat 10. As a result, simply copying the server.xml file from Tomcat 9 to Tomcat 10 may not work without additional configuration updates.

Additional Information

Endevor web services with Java 21 and CCS Tomcat 10

Powered by Wolken Software