Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification.
The "Security/Ciphers" page has been changed by markt: https://wiki.apache.org/tomcat/Security/Ciphers?action=diff&rev1=17&rev2=18 Comment: Add the results for Tomcat 6 and JSSE == BIO/NIO/NIO2 with JSSE Results (Default) == || || Java 5 || Java 6 || Java 7 || Java 8 || - || Tomcat 6 || C || C || C || B || + || Tomcat 6 || C || C || A || A || || Tomcat 7 || N/A || C || A || A || || Tomcat 8 || N/A || N/A || A || A || || Tomcat 8.5 || N/A || N/A || A || A || @@ -15, +15 @@ Note: These results were obtained using the JCE Unlimited Strength Jurisdiction Policy Files - Note: The Java 6 results are capped at C because Java 6 does not support TLS 1.1 or 1.2. + Note: The Java 5 and 6 results are capped at C because neither Java 5 nor 6 support TLS 1.1 or 1.2. The equivalent OpenSSL cipher configurations used to obtain the above results are: + || Java 5 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!DHE || || Java 6 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!DHE || || Java 7 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!DHE || || Java 8 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA || @@ -33, +34 @@ || Tomcat 8.5 || N/A || N/A || A || A || || Tomcat 9 || N/A || N/A || N/A || A || + The OpenSSL cipher configuration used was '''HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA'''. Up-to-date selection of secure cipher suites in OpenSSL format is available at [[https://wiki.mozilla.org/Security/Server_Side_TLS|Mozilla wiki]]. Note: JSSE+OpenSSL and JSSE config requires a 1.2.6 tc-native release to achieve an A since, without it, the full certificate chain is not presented to the client. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
