https://issues.apache.org/bugzilla/show_bug.cgi?id=55988

Ognjen Blagojevic <ognjen.d.blagoje...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|Connectors                  |Connectors
            Version|trunk                       |unspecified
            Product|Tomcat 8                    |Tomcat 9
   Target Milestone|----                        |-----

--- Comment #15 from Ognjen Blagojevic <ognjen.d.blagoje...@gmail.com> ---
Chris,

(In reply to Christopher Schultz from comment #14)
> Ognjen, if you are still willing to produce a patch, consider writing it
> against trunk, which will require Java 8 so won't need the reflection. If we
> decide to back-port to Tomcat 8, the reflection can be re-introduced.

Ok. I will attach a patch for Tomcat 9. As you suggested:

1. Parameter name is useServerCipherSuitesOrder instead of useCipherSuitesOrder.
2. Code is deduplicated / moved to superclass.

To test it:

(1) Install JDK 1.8.0
(2) Install Java 8 JCE Unlimited Strength
(3) Apply patch, build Tomcat
(4) Add JSSE Connector configuration to server.xml:

    <Connector port="443" 
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true"
               maxThreads="150" 
               scheme="https" 
               secure="true"
               clientAuth="false" 
               sslProtocol="TLS" 
               useServerCipherSuitesOrder="true"
               ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,   
                        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,      
                        TLS_DHE_RSA_WITH_AES_256_CBC_SHA,        
                        TLS_DHE_RSA_WITH_AES_128_CBC_SHA,        
                        SSL_RSA_WITH_3DES_EDE_CBC_SHA" 
 />

(5) Start Tomcat. Forward Secrecy is enabled (on all clients that support it)

To test with NIO2, just replace Http11NioProtocol with Http11Nio2Protocol.

-Ognjen
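
The cipher preference configured above, applied directly through the Java 8 JSSE call `SSLParameters.setUseCipherSuitesOrder`, as an added example that is not part of the original comment, the attached patch, or Tomcat's code. The class `ServerCipherOrderExample` and helper `orderedSupported` are hypothetical, and it is an assumption that the `useServerCipherSuitesOrder` attribute ends up setting this JSSE flag.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

// Hypothetical stand-alone class; not part of Tomcat or of the attached patch.
public class ServerCipherOrderExample {

    // The ciphers attribute from the Connector above, padding whitespace included.
    static final String CIPHERS_ATTRIBUTE =
          "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,   \n"
        + "        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,      \n"
        + "        TLS_DHE_RSA_WITH_AES_256_CBC_SHA,        \n"
        + "        TLS_DHE_RSA_WITH_AES_128_CBC_SHA,        \n"
        + "        SSL_RSA_WITH_3DES_EDE_CBC_SHA";

    // Split on commas, trim, drop duplicates and suites this JVM does not
    // support, and keep the configured order: that order is the preference.
    static String[] orderedSupported(String attribute, String[] supported) {
        List<String> available = Arrays.asList(supported);
        List<String> ordered = new ArrayList<>();
        for (String raw : attribute.split(",")) {
            String suite = raw.trim();
            if (available.contains(suite) && !ordered.contains(suite)) {
                ordered.add(suite);
            }
        }
        return ordered.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false); // act as the server side of the handshake

        String[] suites = orderedSupported(CIPHERS_ATTRIBUTE, engine.getSupportedCipherSuites());
        if (suites.length == 0) {
            throw new IllegalStateException("No configured cipher suite is supported");
        }
        SSLParameters params = engine.getSSLParameters();
        params.setCipherSuites(suites);
        params.setUseCipherSuitesOrder(true); // Java 8+: server order wins over client order
        engine.setSSLParameters(params);

        System.out.println("Server preference: " + Arrays.toString(engine.getEnabledCipherSuites()));
        System.out.println("Honor server order: " + engine.getSSLParameters().getUseCipherSuitesOrder());
    }
}
```

With the flag left at its default of `false`, the first mutually supported suite in the client's list is chosen, so a client that lists a non-ECDHE/DHE suite first would not get forward secrecy even though the server offers it.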
