Re: Tomcat Version 7.0.34 + jdk 1.6 is not supporting TLS Protocol TLS1.2
Dhanesh,

On 1/18/17 6:03 AM, dhanesh1212121212 wrote:
> Thanks for the support. This meets our requirement. We are going
> with stable java 1.8 version (default TLSv1.2) which has support
> for tomcat 7.0.34 + TLSv1.2.

I would recommend upgrading to Tomcat 8.0.x or Tomcat 8.5.x if you are
going to go through a whole round of testing anyway.

> Need one more information. Question is mentioned below.
>
> Suppose my web server (Apache) and application (Tomcat) is using
> TLS1.2 protocol and some other web server with TLSv1.0 or TLSv1.1
> is passing a request to our server.

In that case, the "some other web server" is considered the client.

> Will the response will be 200Ok without any SSL secure negotiation
> error?

That depends upon how you configure your server. If you want to accept
*only* TLSv1.2, then a client attempting to contact your server using
TLSv1 or TLSv1.1 will fail to connect. They will not get an HTTP
response. Instead, they'll get a TLS handshake failure.

> Will all requests from client (browser) to server will happen
> without any error?

As long as your clients support the protocols your server does, you
should be fine. Most of the world has abandoned SSLv3 at this point,
and so should you. Most of the world now supports TLSv1.2, and so
should you. The only question is whether or not it is safe for you to
disable TLSv1 and TLSv1.1, and whether or not you actually want to do
that.

Do you have a specific reason to disable TLSv1 and TLSv1.1? If not,
leave them enabled and you will reach the widest audience that is
currently reasonable. If you want to be as super-secure as you think
you can be, disable everything except TLSv1.2.

-chris

> On Fri, Dec 16, 2016 at 12:39 PM, wrote:
>
>> This was a typo, no plans for tls 1.3 in java yet
>>
>> -----Original Message-----
>> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
>> Sent: Thursday, 15 December 2016 22:36
>> To: Tomcat Users List
>> Subject: Re: Tomcat Version 7.0.34 + jdk 1.6 is not supporting TLS Protocol TLS1.2
>>
>> Frank,
>>
>> On 12/15/16 10:19 AM, frank.pien...@materna.de wrote:
>>>> Q1 use recent java8 Version if you want secure TLS 1.3
>>>> choose right cipher.
>>
>> That might have been a typo, but I wanted to be clear that Java 8
>> doesn't support TLSv1.3.
>>
>> TLSv1.3 is still in a draft state, and is not widely-deployed.
>>
>> -chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
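
The two server-side choices described in the reply above, written as a Tomcat 7 JSSE (BIO/NIO) `<Connector>` in `conf/server.xml`. This is an added example, not configuration from the thread; the port, keystore path and password are placeholders, and it assumes the JVM itself supports TLSv1.2 (Java 7 or later).

```xml
<!-- Added example, not taken from the thread. Port, keystore path and
     password are placeholders. A real server.xml would contain only
     one of the two connectors below. -->

<!-- Option A: widest reasonable audience.
     SSLv3 is not listed, so SSLv3 clients are refused. TLSv1, TLSv1.1
     and TLSv1.2 clients can all complete the handshake. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           keystoreFile="conf/PLACEHOLDER-keystore.jks"
           keystorePass="PLACEHOLDER"
           clientAuth="false"
           sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" />

<!-- Option B: TLSv1.2 only.
     A client that offers at most TLSv1 or TLSv1.1 never receives an
     HTTP status code; the connection ends in a TLS handshake failure.
     On a JVM without TLSv1.2 support (Java 6) this value cannot be
     honoured, which is the problem the thread started with. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           keystoreFile="conf/PLACEHOLDER-keystore.jks"
           keystorePass="PLACEHOLDER"
           clientAuth="false"
           sslEnabledProtocols="TLSv1.2" />
```

If Apache httpd terminates TLS in front of Tomcat, the accepted protocol versions are decided there by mod_ssl's `SSLProtocol` directive rather than by this connector.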
Re: Tomcat Version 7.0.34 + jdk 1.6 is not supporting TLS Protocol TLS1.2
Hi All,

Thanks for the support. This meets our requirement. We are going with
stable java 1.8 version (default TLSv1.2) which has support for tomcat
7.0.34 + TLSv1.2.

Need one more information. Question is mentioned below.

Suppose my web server (Apache) and application (Tomcat) is using TLS1.2
protocol and some other web server with TLSv1.0 or TLSv1.1 is passing a
request to our server.

Will the response will be 200Ok without any SSL secure negotiation error?

Will all requests from client (browser) to server will happen without any
error?

Regards,
Dhanesh M.

On Fri, Dec 16, 2016 at 12:39 PM, wrote:

> This was a typo, no plans for tls 1.3 in java yet
>
> -----Original Message-----
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Thursday, 15 December 2016 22:36
> To: Tomcat Users List
> Subject: Re: Tomcat Version 7.0.34 + jdk 1.6 is not supporting TLS
> Protocol TLS1.2
>
> Frank,
>
> On 12/15/16 10:19 AM, frank.pien...@materna.de wrote:
> > Q1 use recent java8 Version if you want secure TLS 1.3 choose right
> > cipher.
>
> That might have been a typo, but I wanted to be clear that Java 8 doesn't
> support TLSv1.3.
>
> TLSv1.3 is still in a draft state, and is not widely-deployed.
>
> -chris
AW: Tomcat Version 7.0.34 + jdk 1.6 is not supporting TLS Protocol TLS1.2
This was a typo, no plans for tls 1.3 in java yet

-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Thursday, 15 December 2016 22:36
To: Tomcat Users List
Subject: Re: Tomcat Version 7.0.34 + jdk 1.6 is not supporting TLS Protocol TLS1.2

Frank,

On 12/15/16 10:19 AM, frank.pien...@materna.de wrote:
> Q1 use recent java8 Version if you want secure TLS 1.3 choose right
> cipher.

That might have been a typo, but I wanted to be clear that Java 8 doesn't
support TLSv1.3.

TLSv1.3 is still in a draft state, and is not widely-deployed.

-chris
Re: Tomcat Version 7.0.34 + jdk 1.6 is not supporting TLS Protocol TLS1.2
Frank,

On 12/15/16 10:19 AM, frank.pien...@materna.de wrote:
> Q1 use recent java8 Version if you want secure TLS 1.3 choose
> right cipher.

That might have been a typo, but I wanted to be clear that Java 8
doesn't support TLSv1.3.

TLSv1.3 is still in a draft state, and is not widely-deployed.

-chris
Re: Tomcat Version 7.0.34 + jdk 1.6 is not supporting TLS Protocol TLS1.2
Dhanesh,

On 12/15/16 8:29 AM, dhanesh1212121212 wrote:
> Hi Team,
>
> *Requirement:*
>
> Support for PROTOCOL TLSv1.2.
>
> We are currently using Tomcat Version 7.0.34 + jdk 1.6 and this is
> not supporting TLS Protocol TLS1.2.

That's because there are no public versions of Java 1.6 which support
TLSv1.2. You'll need to upgrade your JVM ... or take some other steps.

> Please let us know what are the steps we need to take to have
> support of TLS1.2 in Tomcat Version 7.0.34.
>
> Posting few questions along with this for better understanding.
>
> Question 1. Do we need to upgrade Tomcat Version and Java Version,
> if yes which version we need to choose.

The easiest thing to do would be to upgrade to a more recent Java
version. Java 1.7 and 1.8 both support TLSv1.2. I would recommend Java
8 since Java 7 is no longer supported (as is Java 6, incidentally).

> Referred the Tomcat Site
> "http://tomcat.apache.org/whichversion.html", will Tomcat Version
> 7.0.34 support jdk 1.8?

Read that page carefully. I think you'll be able to answer your own
question.

> Question 2. Which is the best approach Tomcat Version 7.0.34 + jdk
> 1.7 or jdk 1.8?

See above.

> Question 3. Do we need to upgrade Tomcat version to new one, if yes
> then which is the best working solution to achieve the requirement
> mentioned above?

You do not /need/ to upgrade, but you might /want to/ upgrade. Tomcat
8 improvements over earlier versions.

-chris
Re: Tomcat Version 7.0.34 + jdk 1.6 is not supporting TLS Protocol TLS1.2
It's correct that Java7 is sufficient for tls1.2 but to be more secure and use recent cipher suites I recommend use java8 which is the only maintained version by Oracle

> On 15.12.2016 at 16:55, Hrivnak, Dan wrote:
>
> On 12/15/16, 9:19 AM, "frank.pien...@materna.de" wrote:
>
> >Q1 use recent java8 Version if you want secure TLS 1.3 choose right cipher.
> >https://wiki.apache.org/tomcat/Security/Ciphers
> >q2
> >Jre8u122+Tomcat 7.0.73
> >Q3 Upgrade should be easy and you need it for Tls1.2
> >
> >Question 1. Do we need to upgrade Tomcat Version and Java Version, if yes
> >which version we need to choose.
> >
> >Referred the Tomcat Site "http://tomcat.apache.org/whichversion.html",
> >will Tomcat Version 7.0.34 support jdk 1.8?
> >
> >Question 2. Which is the best approach Tomcat Version 7.0.34 + jdk 1.7 or
> >jdk 1.8?
> >
> >Question 3. Do we need to upgrade Tomcat version to new one, if yes then
> >which is the best working solution to achieve the requirement mentioned
> >above?
>
> --> Sorry, not sure how to quote the above. Tomcat shouldn’t have anything to
> do with the TLS version supported by Java. To support TLSv1.2 you will need
> to upgrade Java to at least version 7.
>
> I hope that helps,
> Daniel Hrivnak
>
> >Thanks and Regards,
> >Dhanesh M.
Re: Tomcat Version 7.0.34 + jdk 1.6 is not supporting TLS Protocol TLS1.2
On 12/15/16, 9:19 AM, "frank.pien...@materna.de" wrote:

Q1 use recent java8 Version if you want secure TLS 1.3 choose right cipher.
https://wiki.apache.org/tomcat/Security/Ciphers
q2
Jre8u122+Tomcat 7.0.73
Q3 Upgrade should be easy and you need it for Tls1.2

Question 1. Do we need to upgrade Tomcat Version and Java Version, if yes
which version we need to choose.

Referred the Tomcat Site "http://tomcat.apache.org/whichversion.html",
will Tomcat Version 7.0.34 support jdk 1.8?

Question 2. Which is the best approach Tomcat Version 7.0.34 + jdk 1.7 or
jdk 1.8?

Question 3. Do we need to upgrade Tomcat version to new one, if yes then
which is the best working solution to achieve the requirement mentioned
above?

--> Sorry, not sure how to quote the above. Tomcat shouldn’t have anything to
do with the TLS version supported by Java. To support TLSv1.2 you will need
to upgrade Java to at least version 7.

I hope that helps,
Daniel Hrivnak

Thanks and Regards,
Dhanesh M.
Re: Tomcat Version 7.0.34 + jdk 1.6 is not supporting TLS Protocol TLS1.2
Q1 use recent java8 Version if you want secure TLS 1.3 choose right cipher.
https://wiki.apache.org/tomcat/Security/Ciphers
q2
Jre8u122+Tomcat 7.0.73
Q3 Upgrade should be easy and you need it for Tls1.2

Question 1. Do we need to upgrade Tomcat Version and Java Version, if yes
which version we need to choose.

Referred the Tomcat Site "http://tomcat.apache.org/whichversion.html",
will Tomcat Version 7.0.34 support jdk 1.8?

Question 2. Which is the best approach Tomcat Version 7.0.34 + jdk 1.7 or
jdk 1.8?

Question 3. Do we need to upgrade Tomcat version to new one, if yes then
which is the best working solution to achieve the requirement mentioned
above?

Thanks and Regards,
Dhanesh M.
Tomcat Version 7.0.34 + jdk 1.6 is not supporting TLS Protocol TLS1.2
Hi Team,

*Requirement:*

Support for PROTOCOL TLSv1.2.

We are currently using Tomcat Version 7.0.34 + jdk 1.6 and this is not
supporting TLS Protocol TLS1.2.

Please let us know what are the steps we need to take to have support of
TLS1.2 in Tomcat Version 7.0.34.

Posting few questions along with this for better understanding.

Question 1. Do we need to upgrade Tomcat Version and Java Version, if yes
which version we need to choose.

Referred the Tomcat Site "http://tomcat.apache.org/whichversion.html",
will Tomcat Version 7.0.34 support jdk 1.8?

Question 2. Which is the best approach Tomcat Version 7.0.34 + jdk 1.7 or
jdk 1.8?

Question 3. Do we need to upgrade Tomcat version to new one, if yes then
which is the best working solution to achieve the requirement mentioned
above?

Thanks and Regards,
Dhanesh M.