Explicitly set tls13 suites in Tomcat when tls12 ciphers defined

Fixes mozilla/server-side-tls#280 (similar to mozilla#226)
janbrasna · Jan 6, 2024 · 9347789 · 9347789
1 parent 57ebdd4
commit 9347789
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/src/templates/partials/tomcat.hbs b/src/templates/partials/tomcat.hbs
@@ -10,14 +10,14 @@
     port="443"
     SSLEnabled="true">
 
-    <!-- TLS 1.3 requires Java 11 or higher -->
+    {{#if (includes "TLSv1.3" output.protocols)}}<!-- TLSv1.3 requires Java 11 or higher -->{{/if}}
     <SSLHostConfig
 {{#if output.ciphers.length}}
-        ciphers="{{{join output.ciphers ":"}}}"
+        ciphers="{{#if (includes "TLSv1.3" output.protocols)}}{{{join output.cipherSuites ":"}}}:{{/if}}{{{join output.ciphers ":"}}}"
 {{/if}}
         disableSessionTickets="true"
         honorCipherOrder="{{#if output.serverPreferredOrder}}true{{else}}false{{/if}}"
-        protocols="{{join output.protocols ", "}}">
+        protocols="{{join output.protocols ","}}">
 
         <Certificate
             certificateFile="/path/to/signed_certificate"