[tomcat] branch main updated: Drop section that relates to java 7 and earlier

Sat, 21 Aug 2021 12:58:22 -0700 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 4f3db08  Drop section that relates to java 7 and earlier
4f3db08 is described below

commit 4f3db0890f6df5929c013e34fd29ad715a94d29e
Author: Mark Thomas <[email protected]>
AuthorDate: Sat Aug 21 20:58:08 2021 +0100

    Drop section that relates to java 7 and earlier
---
 webapps/docs/ssl-howto.xml | 18 ------------------
 1 file changed, 18 deletions(-)

diff --git a/webapps/docs/ssl-howto.xml b/webapps/docs/ssl-howto.xml
index cf83139..997e619 100644
--- a/webapps/docs/ssl-howto.xml
+++ b/webapps/docs/ssl-howto.xml
@@ -570,24 +570,6 @@ SSL communications, and what to do about them.</p>
     sensitive!</p>
     </li>
 
-<li>My Java-based client aborts handshakes with exceptions such as
-    "java.lang.RuntimeException: Could not generate DH keypair" and
-    "java.security.InvalidAlgorithmParameterException: Prime size must be 
multiple
-    of 64, and can only range from 512 to 1024 (inclusive)"
-
-    <p>If you are using the the JSSE OpenSSL implementation,
-    it will determine the strength of ephemeral DH keys from the key size of
-    your RSA certificate. For example a 2048 bit RSA key will result in
-    using a 2048 bit prime for the DH keys. Unfortunately Java 6 only supports
-    768 bit and Java 7 only supports 1024 bit. So if your certificate has a
-    stronger key, old Java clients might produce such handshake failures.
-    As a mitigation you can either try to force them to use another cipher by
-    configuring an appropriate <code>SSLCipherSuite</code> and activate
-    <code>SSLHonorCipherOrder</code>, or embed weak DH params in your
-    certificate file. The latter approach is not recommended because it weakens
-    the SSL security (logjam attack).</p>
-    </li>
-
 </ul>
 
 <p>If you are still having problems, a good source of information is the

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to