Re: 8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

2017-06-30 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Todd, On 6/30/17 1:30 PM, Todd wrote: > Christopher Schultz-2 wrote >> Yup: if you use iptables (ipchains hasn't been used in ... >> decades?) to do port-redirection, then you are in fact hitting >> Tomcat / JVM (essentially) directly. > > Yes -

Re: 8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

2017-06-30 Thread Todd
Christopher Schultz-2 wrote > Yup: if you use iptables (ipchains hasn't been used in ... decades?) > to do port-redirection, then you are in fact hitting Tomcat / JVM > (essentially) directly. Yes - iptables, sorry brain fart. Christopher Schultz-2 wrote > Can you confirm whether or not you

Re: 8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

2017-06-30 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Todd, On 6/30/17 10:21 AM, Todd wrote: > Peter Kreuser wrote >>> >>> Can you provide a clean configuration that exhibits this >>> behavior? >>> >>> What are you using to test the effective configuration? >> >> Another question: are you sure that

Re: 8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

2017-06-30 Thread Todd
Peter Kreuser wrote >> >> Can you provide a clean configuration that exhibits this behavior? >> >> What are you using to test the effective configuration? > > Another question: are you sure that you hit the Connector that you > configure? Tomcat should be reasonably configured in defaults with

Re: 8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

2017-06-26 Thread Peter Kreuser
Todd, Peter Kreuser Peter Kreuser > Am 26.06.2017 um 18:56 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Todd, > >> On 6/23/17 2:56 PM, Todd wrote: >> Thank you Peter - I tried that previously, and just to double

Re: 8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

2017-06-26 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Todd, On 6/23/17 2:56 PM, Todd wrote: > Thank you Peter - I tried that previously, and just to double check > tried it again. No difference at all. a set of ciphers is being > presented that do not match to the cipher list that I've included > at

Re: 8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

2017-06-23 Thread Todd
Todd wrote >> I'm experiencing the exact same issue with 8.5.14 - cipher list seems to >> be >> ignored, regardless of what I put in SSLAbs and validating via browser on >> my >> website a set of ciphers is used that I have not listed. >> >> I am able to change protocols (for instance, I can

Re: 8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

2017-06-23 Thread logo
Todd, > Am 23.06.2017 um 18:53 schrieb Todd >: > > I'm experiencing the exact same issue with 8.5.14 - cipher list seems to be > ignored, regardless of what I put in SSLAbs and validating via browser on my > website a set of ciphers is used that I