...
</Connector>
Enable TLS on port 8443
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true">
<SSLHostConfig <SSLHostConfig protocols="TLSv1.2" truststoreFile="conf/cacerts.jks">
<Certificate certificateKeystoreFile="conf/clientcert.jks"
certificateKeystorePassword certificateKeystorePassword="changeit"
type type="RSA" />
</SSLHostConfig>
</Connector>
Note: Set protocols="TLSv1.2" to disable TLSv1.3 since the TCK requires post-handshake authentication and the Java 11 client does not support that.
tomcat-users.xml
Make the following changes:
...
A default 10.0.x build (as of 2020-06-1819) with the above configuration and the TCK built from source (as of 2020-06-1819) triggers 23 21 test failures
1 Expected failures
...
- PR 338
- Incorrect major version (1 failure),
- Using LF rather an CRLF (15 failures)
- Strange /j_security_check test (2 failures)Error page attributes assumed to be unset when spec requires them to be set (3 failures)
- Missing annotation marker in Java 8 signature tests (1 failure)
- Re-do Java 11 signature test based on Java 8
- Fix regression in error page tests (1 failure)
- Java 11 issues with HTTP/2 client