DO NOT REPLY [Bug 29695] - regression in SSL cipher strength
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=29695. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=29695

[EMAIL PROTECTED] changed:

What   |Removed  |Added
Status |RESOLVED |CLOSED

--- Additional Comments From [EMAIL PROTECTED] 2004-11-19 07:31 ---
sun jdk1.5 also brings AES256 back for 5.0.28

--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are the assignee for the bug, or are watching the assignee.

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 29695] - regression in SSL cipher strength
--- Additional Comments From [EMAIL PROTECTED] 2004-10-07 17:45 ---
interestingly, when moving to ibm_j2skd_142 as JVM and setting sslProtocol=SSL algorithm=IbmX509 Mozilla gets back up to 256 bit
DO NOT REPLY [Bug 29695] - regression in SSL cipher strength
--- Additional Comments From [EMAIL PROTECTED] 2004-10-06 14:24 ---
had a look at this again, for those interested, pls find the Ethereal dumps attached next.

java version 1.4.2_05
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_05-b04)
Java HotSpot(TM) Client VM (build 1.4.2_05-b04, mixed mode)
DO NOT REPLY [Bug 29695] - regression in SSL cipher strength
--- Additional Comments From [EMAIL PROTECTED] 2004-10-06 14:25 ---
Created an attachment (id=12960)
tomcat5-ssl-cipherStrengthRegression.tgz
Ethereal dumps
DO NOT REPLY [Bug 29695] - regression in SSL cipher strength
[EMAIL PROTECTED] changed:

What       |Removed  |Added
Status     |RESOLVED |REOPENED
Resolution |INVALID  |

--- Additional Comments From [EMAIL PROTECTED] 2004-06-29 08:24 ---
This is very irritating. So far, I thought that the open-source philosophy is about everybody contributing what she or he can. In this spirit, it should be o.k. if somebody only describes a symptom of a problem, but doesn't give the solution at the same time. Sure, such symptoms may go unresolved/unanswered if no one else is affected by them. And since those free testers are not paid, their hit rate and description quality may be lower than when paid testers are used. But that (without any apparent effort to reproduce the issue by the bug-committer) such a symptom description gets resolved as invalid appears to be quite alarming - are the bug-committers of the tomcat project interested in constructive(!) feedback at all?

Especially if it is in the security domain, it is dangerous to claim a problem doesn't exist just because one doesn't feel like spending time on it. Sure, this is not openBSD nor is it a major security hole and thus I didn't expect that everybody would jump to fix it, but something that can be reproduced without any effort to be declared invalid is very strange. So far, I told my clients: and if you use an opensource browser such as Mozilla, you even get double strength payload encryption! - this unfortunately no longer holds with tomcat 5.

As per the issue - I could easily provide screenshots, server.xml files etc. and I did ask Remy in a private conversation that unfortunately was never answered:

From: Ralf Hauser [EMAIL PROTECTED]
Sent: Sunday, June 20, 2004 2:05 PM
To: '[EMAIL PROTECTED]'
Subject: Re: Regression in SSL cipher strength

Remy,
I am happy to give you more details. It is really ceteris paribus - the only change is that I use v4 or v5 of Tomcat. Same application as before, same certificates. Where would you need more background info in order to further consider this?
Regards
Ralf
DO NOT REPLY [Bug 29695] - regression in SSL cipher strength
[EMAIL PROTECTED] changed:

What       |Removed  |Added
Status     |REOPENED |RESOLVED
Resolution |         |INVALID

--- Additional Comments From [EMAIL PROTECTED] 2004-06-29 09:44 ---
Then give the details rather than rants and whines, but you don't seem to be aware of any technical details anyway (such as the fact that Tomcat does not provide the SSL implementation, and that there's relatively little control over the cipher being used, etc).
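The comment above says the SSL implementation comes from the JVM rather than from Tomcat, which can be checked on the JVM that runs the server. This is an added example, not part of the bug thread or of Tomcat's code; the class name JsseCipherCheck and the name-based test for 256-bit suites are assumptions of the example.

```java
import java.util.Arrays;
import java.util.Set;
import java.util.TreeSet;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;

// Added example (hypothetical class name): reports what the JVM's JSSE
// provider offers to any server, Tomcat included, that relies on it.
public class JsseCipherCheck {

    // Assumption: a suite counts as 256-bit when its standard name
    // contains AES_256 or CHACHA20 (both use 256-bit keys).
    static boolean is256Bit(String suite) {
        return suite.contains("AES_256") || suite.contains("CHACHA20");
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        SSLServerSocketFactory factory = ctx.getServerSocketFactory();

        // Suites a server socket gets without any explicit cipher list.
        Set<String> enabled = new TreeSet<>(Arrays.asList(factory.getDefaultCipherSuites()));
        // Everything the provider implements, enabled or not.
        Set<String> supported = new TreeSet<>(Arrays.asList(factory.getSupportedCipherSuites()));

        System.out.println("JVM: " + System.getProperty("java.vendor")
                + " " + System.getProperty("java.version"));
        System.out.println("JSSE provider: " + ctx.getProvider().getName());
        // Integer.MAX_VALUE here means the JVM policy imposes no key-length limit.
        System.out.println("Max AES key length allowed by JVM policy: "
                + Cipher.getMaxAllowedKeyLength("AES"));

        int enabled256 = 0;
        for (String suite : supported) {
            if (!is256Bit(suite)) continue;
            boolean on = enabled.contains(suite);
            if (on) enabled256++;
            System.out.println((on ? "enabled    " : "supported  ") + suite);
        }
        if (enabled256 == 0) {
            System.out.println("No 256-bit suite is enabled by default on this JVM.");
            System.exit(1);
        }
    }
}
```

Run it with the same java binary that starts Tomcat; a different JVM or vendor on the same host can report a different list.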
DO NOT REPLY [Bug 29695] - regression in SSL cipher strength
[EMAIL PROTECTED] changed:

What       |Removed  |Added
Status     |NEW      |RESOLVED
Resolution |         |INVALID
DO NOT REPLY [Bug 29695] - regression in SSL cipher strength
--- Additional Comments From [EMAIL PROTECTED] 2004-06-20 11:23 ---
Please investigate this more, or this will be resolved as INVALID.