Running sslscan against Tomcat 8.0.43 / Oracle Java 8u121 and a Tomcat
server.xml containing
ciphers="HIGH:!aNULL:!RC4:!MD5:@STRENGTH"
shows the strongest cipher is
ECDHE-RSA-AES128-GCM-SHA256
Installing the Java unlimited strength policy files increases this to
ECDHE-RSA-AES256-GCM-SHA384
On Fri, Jun 2, 2017 at 1:29 AM, Matt Caswell wrote:
> That's very strange. Those exact same commands work fine for me. Are you
> sure you are picking up the version of 1.1.0e compiled with
> enable-weak-ssl-ciphers and not some other previous compilation of 1.1.0e?
>
Yes I am
On Thu, Jun 01, 2017 at 10:16:01AM -0700, Siyuan Xiang wrote:
>
> ./config enable-weak-ssl-ciphers --prefix=/opt
Does this set a suitable RPATH?
> make
> make DESTDIR=/path/to/dir INSTALL
And now install in yet another place?
> $ ./openssl version
> OpenSSL 1.1.0e 16 Feb 2017
The resulting
Yes, you are right. openssl binary is linking to a wrong shared library.
The code is fine, it's linking to the static library.
thanks.
Regards,
Siyuan
---
On Mon, Jun 5, 2017 at 3:40 PM, Viktor Dukhovni
wrote:
> On Thu, Jun 01, 2017 at 10:16:01AM -0700, Siyuan