Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification.
The "Security/Ciphers" page has been changed by markt: https://wiki.apache.org/tomcat/Security/Ciphers?action=diff&rev1=19&rev2=20 Comment: Remove references to Java 5 and Tomcat 6 == BIO/NIO/NIO2 with JSSE Results (Default) == - || || Java 5 || Java 6 || Java 7 || Java 8 || + || || Java 6 || Java 7 || Java 8 || - || Tomcat 6 || C || C || A || A || - || Tomcat 7 || N/A || C || A || A || + || Tomcat 7 || C || A || A || - || Tomcat 8 || N/A || N/A || A || A || + || Tomcat 8 || N/A || A || A || - || Tomcat 8.5 || N/A || N/A || A || A || + || Tomcat 8.5 || N/A || A || A || - || Tomcat 9 || N/A || N/A || N/A || A || + || Tomcat 9 || N/A || N/A || A || Note: These results were obtained using the JCE Unlimited Strength Jurisdiction Policy Files - Note: The Java 5 and 6 results are capped at C because neither Java 5 nor 6 support TLS 1.1 or 1.2. + Note: The 6 results are capped at C because Java 6 does not support TLS 1.1 or 1.2. The equivalent OpenSSL cipher configurations used to obtain the above results are: - || Java 5 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!DHE || || Java 6 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!DHE || || Java 7 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!DHE || || Java 8 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA || - Note: kRSA ciphers are not excluded in Java 6 and earlier since they are likely to be the only ones left + Note: kRSA ciphers are not excluded in Java 6 since they are likely to be the only ones left Note: In Java 7 and earlier DHE ciphers use insecure DH keys with no means to configure longer keys which is why DHE ciphers are excluded in those Java versions. == NIO/NIO2 with JSSE+OpenSSL Results (Default) == - || || Java 5 || Java 6 || Java 7 || Java 8 || + || || Java 6 || Java 7 || Java 8 || - || Tomcat 8.5 || N/A || N/A || A || A || + || Tomcat 8.5 || N/A || A || A || - || Tomcat 9 || N/A || N/A || N/A || A || + || Tomcat 9 || N/A || N/A || A || The OpenSSL cipher configuration used was '''HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA'''. Up-to-date selection of secure cipher suites in OpenSSL format is available at [[https://wiki.mozilla.org/Security/Server_Side_TLS|Mozilla wiki]]. @@ -40, +38 @@ == APR with OpenSSL Results (Default) == - || || Java 5 || Java 6 || Java 7 || Java 8 || + || || Java 6 || Java 7 || Java 8 || - || Tomcat 6 || A || A || A || A || - || Tomcat 7 || N/A || A || A || A || + || Tomcat 7 || A || A || A || - || Tomcat 8 || N/A || N/A || A || A || + || Tomcat 8 || N/A || A || A || - || Tomcat 8.5 || N/A || N/A || A || A || + || Tomcat 8.5 || N/A || A || A || - || Tomcat 9 || N/A || N/A || N/A || A || + || Tomcat 9 || N/A || N/A || A || The OpenSSL cipher configuration used was '''HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA'''. Up-to-date selection of secure cipher suites in OpenSSL format is available at [[https://wiki.mozilla.org/Security/Server_Side_TLS|Mozilla wiki]]. == Environment == The results above were generated with: - * Java 5, 64-bit, update 22 * Java 6, 64-bit, update 45 * Java 7, 64-bit, update 80 * Java 8, 64-bit, update 77 - * Apache Tomcat 6.0.46-dev, r1737284. * Apache Tomcat 7.0.69-dev, r1737253. * Apache Tomcat 8.0.34-dev, r1737224. * Apache Tomcat 8.5.1-dev, r1737241. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org