Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification.
The "Security/Ciphers" page has been changed by markt: https://wiki.apache.org/tomcat/Security/Ciphers?action=diff&rev1=15&rev2=16 Comment: Fill in Tomcat 7 JSSE || || Java 5 || Java 6 || Java 7 || Java 8 || || Tomcat 6 || C || C || C || B || - || Tomcat 7 || N/A || C || C || B || + || Tomcat 7 || N/A || C || A || A || || Tomcat 8 || N/A || N/A || A || A || || Tomcat 8.5 || N/A || N/A || A || A || || Tomcat 9 || N/A || N/A || N/A || A || Note: These results were obtained using the JCE Unlimited Strength Jurisdiction Policy Files + + Note: The Java 6 results are capped at C because Java 6 does not support TLS 1.1 or 1.2. + + The equivalent OpenSSL cipher configurations used to obtain the above results are: + + || Java 6 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!DHE || + || Java 7 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!DHE || + || Java 8 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA || + + Note: kRSA ciphers are not excluded in Java 6 and earlier since they are likely to be the only ones left + + Note: In Java 7 and earlier DHE ciphers use insecure DH keys with no means to configure longer keys which is why DHE ciphers are excluded in those Java versions. == NIO/NIO2 with JSSE+OpenSSL Results (Default) == @@ -23, +35 @@ Note: JSSE+OpenSSL and JSSE config requires a 1.2.6 tc-native release to achieve an A since, without it, the full certificate chain is not presented to the client. - - The equivalent OpenSSL cipher configurations used to obtain the above results are: - - || Java 7 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!DHE || - || Java 8 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA || - - Note: Java 7 DHE ciphers sue a 768 bit DH key which is considered insecure which is why those ciphers are excluded only for Java 7. == APR with OpenSSL Results (Default) == @@ -47, +52 @@ || || Java 5 || Java 6 || Java 7 || Java 8 || || Tomcat 6 || B || B || A- || A || - || Tomcat 7 || N/A || B || A- || A || @@ -76, +80 @@ * Java 7, 64-bit, update 80 * Java 8, 64-bit, update 77 * Apache Tomcat 6.0.44-dev, r1664561. This is after the commit that disabled SSLv2 and SSLv3. - * Apache Tomcat 7.0.60-dev, r1664373. + * Apache Tomcat 7.0.69-dev, r1737249. * Apache Tomcat 8.0.34-dev, r1737224. * Apache Tomcat 8.5.1-dev, r1737241. * Apache Tomcat 9.0.0.M5-dev, r1737193. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org