Re: Tomcat 7 / Java 7

2014-02-05 Thread Rainer Frey (Inxmail GmbH)
On 03.02.2014, at 22:19, Singh, Ragini rsi...@central.uh.edu wrote:

 Hello,
 
 I upgraded Java 1.6.45 to Java 1.7.51 using java-1.7.0-oracle.x86_64 : Oracle 
 Java Runtime Environment on RHEL 5. Used the alternatives command to make 
 the Java 7 as Java version.
 Now in my custom startup script if I define JAVA_HOME as 
 JAVA_HOME=/usr/lib/jvm/java tomcat 7 recognizes the java as 1.6 ( the 
 previous version) and gives this message
 INFO: The APR based Apache Tomcat Native library which allows optimal 
 performance in production environments was not found on the 
 java.library.path: /usr/lib/jvm/java-1.6.0-sun-1.6.0.45.x86_64/jre/lib/amd64/server:/usr/lib/jvm/java-1.6.0-sun-1.6.0.45.x86_64/jre/lib/amd64:/usr/lib/jvm/java-1.6.0-sun-1.6.0.45.x86_64/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
 
 I modified the JAVA_HOME to JAVA_HOME=/usr/lib/jvm/jre-1.7.0-oracle.x86_64. 
 Now tomcat starts and gives the message as
 INFO: The APR based Apache Tomcat Native library which allows optimal 
 performance in production environments was not found on the 
 java.library.path: 
 /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
 
 I believe it is not recognizing the correct Java version which is 1.7. Am I 
 missing anything ?

AFAICT Java 7 has removed $JAVA_HOME/jre/lib/architecture[/vmtype] and 
$JAVA_HOME/lib/architecture from the default java.library.path - this is 
independent of Tomcat. So it is very likely that Tomcat *is* using the desired 
Java now. Others have already written how to verify for sure.

 Thank you,
 -Ragini

Rainer Frey

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: Tomcat 7 / Java 7

2014-02-04 Thread Singh, Ragini
Thank you Christopher!! I understand that the message is just an INFO and not 
an error. Also, I haven’t installed tcnative as I am not using it. My question 
was regarding the difference in messages when I change JAVA version using 
JAVA_HOME. Is there a way I can find out which version of JAVA Tomcat is using?

Thank you,
-Ragini

-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
Sent: Monday, February 03, 2014 3:42 PM
To: Tomcat Users List
Subject: Re: Tomcat 7 / Java 7

Ragini,

On 2/3/14, 4:19 PM, Singh, Ragini wrote:
 I upgraded Java 1.6.45 to Java 1.7.51 using
 java-1.7.0-oracle.x86_64 : Oracle Java Runtime Environment on RHEL 5. 
 Used the alternatives command to make the Java 7 as Java version. 
 Now in my custom startup script if I define JAVA_HOME as 
 JAVA_HOME=/usr/lib/jvm/java tomcat 7 recognizes the java as 1.6 ( 
 the previous version) and gives this message INFO: The APR based 
 Apache Tomcat Native library which allows optimal performance in 
 production environments was not found on the java.library.path:
 /usr/lib/jvm/java-1.6.0-sun-1.6.0.45.x86_64/jre/lib/amd64/server:/usr/lib/jvm/java-1.6.0-sun-1.6.0.45.x86_64/jre/lib/amd64:/usr/lib/jvm/java-1.6.0-sun-1.6.0.45.x86_64/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
 
 I modified the JAVA_HOME to
 JAVA_HOME=/usr/lib/jvm/jre-1.7.0-oracle.x86_64. Now tomcat starts 
 and gives the message as INFO: The APR based Apache Tomcat Native 
 library which allows optimal performance in production environments 
 was not found on the java.library.path:
 /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
 
 I believe it is not recognizing the correct Java version which is 1.7. 
 Am I missing anything ?

Have you installed tcnative? Installing tcnative is a prerequisite for using 
tcnative.

Note that the above is an INFO message and not an error in any way.

-chris



Re: Tomcat 7 / Java 7

2014-02-04 Thread Christopher Schultz
Ragini,

On 2/4/14, 10:05 AM, Singh, Ragini wrote:
 Thank you Christopher!! I understand that the message is just an
 INFO and not an error. Also, I haven’t installed tcnative as I am
 not using it. My question was regarding the difference in messages
 when I change JAVA version using JAVA_HOME. Is there a way I can
 find out which version of JAVA Tomcat is using?

You can use jinfo <pid> but it only works within the same JVM:
you'll have to use the right JVM version to connect in the first place.

You can also connect via JMX or similar to inspect the JVM state. Take
a look at the system properties which will tell you what's going on.

-chris

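The JMX route suggested in the message above, as an added example that is not part of the original thread: a small client that reads the target JVM's system properties (java.version, java.home, java.library.path) through the platform RuntimeMXBean. The class name JvmIdentity and the service URL passed on the command line are assumptions; with no argument the program inspects its own JVM.

```java
import java.lang.management.ManagementFactory;
import java.lang.management.RuntimeMXBean;
import java.util.Map;
import javax.management.MBeanServerConnection;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXServiceURL;

// Added example (hypothetical class name). Written without Java 8 features
// so it compiles on the Java 7 runtime discussed in the thread.
public class JvmIdentity {

    // System properties that identify the JVM and its native library search path.
    private static final String[] KEYS = {
        "java.version", "java.vendor", "java.home", "java.vm.name", "java.library.path"
    };

    // Read the properties of whichever JVM the connection points at.
    static void report(MBeanServerConnection conn) throws Exception {
        RuntimeMXBean runtime = ManagementFactory.newPlatformMXBeanProxy(
                conn, ManagementFactory.RUNTIME_MXBEAN_NAME, RuntimeMXBean.class);
        Map<String, String> props = runtime.getSystemProperties();

        // On HotSpot the runtime name is usually "pid@hostname".
        System.out.println("runtime name = " + runtime.getName());
        for (String key : KEYS) {
            System.out.println(key + " = " + props.get(key));
        }
        // The -D and -X options the JVM was actually started with.
        System.out.println("input arguments = " + runtime.getInputArguments());
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 0) {
            // No URL given: report on this JVM (useful to compare two installed JREs).
            report(ManagementFactory.getPlatformMBeanServer());
            return;
        }
        // Assumption: the Tomcat JVM exposes a JMX connector and args[0] is its
        // URL, e.g. service:jmx:rmi:///jndi/rmi://localhost:<port>/jmxrmi
        JMXConnector connector = JMXConnectorFactory.connect(new JMXServiceURL(args[0]));
        try {
            report(connector.getMBeanServerConnection());
        } finally {
            connector.close();
        }
    }
}
```

Running it once with each installed java binary and once against the Tomcat JVM shows whether the java.home Tomcat reports matches the JAVA_HOME set in the startup script.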


Re: Tomcat 7 / Java 7

2014-02-04 Thread Mark Eggers

Please don't top post.

On 2/4/2014 7:05 AM, Singh, Ragini wrote:

Thank you Christopher!! I understand that the message is just an INFO and not 
an error. Also, I haven’t installed tcnative as I am not using it. My question 
was regarding the difference in messages when I change JAVA version using 
JAVA_HOME. Is there a way I can find out which version of JAVA Tomcat is using?

Thank you,
-Ragini

-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Monday, February 03, 2014 3:42 PM
To: Tomcat Users List
Subject: Re: Tomcat 7 / Java 7

Ragini,

On 2/3/14, 4:19 PM, Singh, Ragini wrote:

I upgraded Java 1.6.45 to Java 1.7.51 using
java-1.7.0-oracle.x86_64 : Oracle Java Runtime Environment on RHEL 5.
Used the alternatives command to make the Java 7 as Java version.
Now in my custom startup script if I define JAVA_HOME as
JAVA_HOME=/usr/lib/jvm/java tomcat 7 recognizes the java as 1.6 (
the previous version) and gives this message INFO: The APR based
Apache Tomcat Native library which allows optimal performance in
production environments was not found on the java.library.path:
/usr/lib/jvm/java-1.6.0-sun-1.6.0.45.x86_64/jre/lib/amd64/server:/usr/lib/jvm/java-1.6.0-sun-1.6.0.45.x86_64/jre/lib/amd64:/usr/lib/jvm/java-1.6.0-sun-1.6.0.45.x86_64/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib


I modified the JAVA_HOME to
JAVA_HOME=/usr/lib/jvm/jre-1.7.0-oracle.x86_64. Now tomcat starts
and gives the message as INFO: The APR based Apache Tomcat Native
library which allows optimal performance in production environments
was not found on the java.library.path:
/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib

I believe it is not recognizing the correct Java version which is 1.7.
Am I missing anything ?


Have you installed tcnative? Installing tcnative is a prerequisite for using 
tcnative.

Note that the above is an INFO message and not an error in any way.

-chris



Manager application shows the Java version at the bottom of the page.

/mde/




Re: Tomcat 7 / Java 7

2014-02-03 Thread Christopher Schultz
Ragini,

On 2/3/14, 4:19 PM, Singh, Ragini wrote:
 I upgraded Java 1.6.45 to Java 1.7.51 using
 java-1.7.0-oracle.x86_64 : Oracle Java Runtime Environment on RHEL
 5. Used the alternatives command to make the Java 7 as Java
 version. Now in my custom startup script if I define JAVA_HOME as
 JAVA_HOME=/usr/lib/jvm/java tomcat 7 recognizes the java as 1.6 (
 the previous version) and gives this message INFO: The APR based
 Apache Tomcat Native library which allows optimal performance in
 production environments was not found on the java.library.path:
 /usr/lib/jvm/java-1.6.0-sun-1.6.0.45.x86_64/jre/lib/amd64/server:/usr/lib/jvm/java-1.6.0-sun-1.6.0.45.x86_64/jre/lib/amd64:/usr/lib/jvm/java-1.6.0-sun-1.6.0.45.x86_64/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
 
 I modified the JAVA_HOME to 
 JAVA_HOME=/usr/lib/jvm/jre-1.7.0-oracle.x86_64. Now tomcat
 starts and gives the message as INFO: The APR based Apache Tomcat
 Native library which allows optimal performance in production
 environments was not found on the java.library.path: 
 /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
 
 I believe it is not recognizing the correct Java version which is 
 1.7. Am I missing anything ?

Have you installed tcnative? Installing tcnative is a prerequisite for
using tcnative.

Note that the above is an INFO message and not an error in any way.

-chris



Re: Tomcat 7 / Java 7

2014-02-03 Thread André Warnier

Christopher,

Christopher Schultz wrote:

Ragini,

On 2/3/14, 4:19 PM, Singh, Ragini wrote:

I upgraded Java 1.6.45 to Java 1.7.51 using
java-1.7.0-oracle.x86_64 : Oracle Java Runtime Environment on RHEL
5. Used the alternatives command to make the Java 7 as Java
version. Now in my custom startup script if I define JAVA_HOME as
JAVA_HOME=/usr/lib/jvm/java tomcat 7 recognizes the java as 1.6 (
the previous version) and gives this message INFO: The APR based
Apache Tomcat Native library which allows optimal performance in
production environments was not found on the java.library.path:
/usr/lib/jvm/java-1.6.0-sun-1.6.0.45.x86_64/jre/lib/amd64/server:/usr/lib/jvm/java-1.6.0-sun-1.6.0.45.x86_64/jre/lib/amd64:/usr/lib/jvm/java-1.6.0-sun-1.6.0.45.x86_64/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib

I modified the JAVA_HOME to 
JAVA_HOME=/usr/lib/jvm/jre-1.7.0-oracle.x86_64. Now tomcat
starts and gives the message as INFO: The APR based Apache Tomcat
Native library which allows optimal performance in production
environments was not found on the java.library.path: 
/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib


I believe it is not recognizing the correct Java version which is 
1.7. Am I missing anything ?


Have you installed tcnative? Installing tcnative is a prerequisite for
using tcnative.

Note that the above is an INFO message and not an error in any way.



I believe that the OP was wondering about the apparent discrepancy between his setting of 
the JAVA_HOME environment variable, and then what Tomcat prints as a java.library.path 
in the log messages.
(And I do not know if there is actually here a real discrepancy; just that the OP mentions 
there might be one).







Re: Tomcat 7 / Java 7

2014-01-27 Thread Filip Hanik
Yes it is compatible, and no, there is nothing you really need to do except
to test your applications that they work too.


On Mon, Jan 27, 2014 at 9:37 AM, Singh, Ragini rsi...@central.uh.edu wrote:

 Hello,

 Is Tomcat 7.0.42  compatible with Java 7?
 http://stackoverflow.com/questions/9294355/is-tomcat-7-now-compatible-with-java-7
 If yes, do you know if there is something special to migrate an existing
 installation of Tomcat 7/Java 6 to Tomcat 7/Java 7?


 -Ragini




Re: Tomcat 7 / Java 7 with TLS 1.2 algorithms

2013-08-23 Thread Aurélien Terrestris
It seems incorrect to me because RFC 5246 in 1.2 Major Differences
from TLS 1.1 says this :

..
All cipher suites in this document use P_SHA256.
..
Added HMAC-SHA256 cipher suites

I can't read anywhere that SHA384 and others SHOULD or MUST be implemented.

Other RFCs updating this 5246 (5746, 5878, 6176 and Errata) don't talk
about this either.


However, in 5246 5. HMAC and the Pseudorandom Function we can read :

In this section, we define one PRF, based on HMAC. This PRF with the
   SHA-256 hash function is used for all cipher suites defined in this
   document and in TLS documents published prior to this document when
   TLS 1.2 is negotiated.  New cipher suites MUST explicitly specify a
   PRF and, in general, SHOULD use the TLS PRF with SHA-256 or a
   stronger standard hash function.


This allows future usage of SHA384 and others, if defined correctly.


regards
A.T.

2013/8/22 Martin Gainty mgai...@hotmail.com:
 point of confusion Eric Rescorla specifically cites SHA384 in his cipher 
 examples for TLS 1.2 Update

 http://www.ietf.org/rfc/rfc5246.txt
 http://www.ietf.org/proceedings/70/slides/tls-0.pdf

 Kuat Eshengazin used bltest as a test harness for SHA384

 bltest -R -m prf_sha384 -k tests/prf_sha384/key0 -t
 tests/prf_sha384/seed0 -h -g 148 -x

 https://bugzilla.mozilla.org/show_bug.cgi?id=480514

 Is this incorrect?
 Martin
 __
 Please do not alter or disrupt this transmission..Thank You




 Date: Thu, 22 Aug 2013 14:53:55 +0100
 Subject: Re: Tomcat 7 / Java 7 with TLS 1.2 algorithms
 From: aterrest...@gmail.com
 To: users@tomcat.apache.org

 According to RFC 5246 Appendix C (TLS 1.2), there is no SHA384. See :
 http://www.ietf.org/rfc/rfc5246.txt

 The JSSE Reference Guide also doesn't talk about this SHA384 as an
 implementation requirement. See :
 http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#impl

 This means you have a problem with SHA256 only. Maybe it's easier to
 test on client-side, with one of the following ciphers (that you find
 on the same Reference Guide ) for example :

 TLS_DH_RSA_WITH_AES_256_CBC_SHA256
 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

 Let me know if this works, or I will try to test by myself with my own 
 client.



 2013/8/22 Dennis Sosnoski d...@sosnoski.com:
  I've already done that, though as far as I can see that doesn't affect the
  digest algorithms (only the encryption options).
 
  - Dennis
 
 
  On 08/23/2013 12:24 AM, Aurélien Terrestris wrote:
 
  Hello
 
  I suppose you need to run your JVM with the unrestricted policy files (on
  both client and server sides). You have to download them from Oracle
  website for your java version, and replace the old.
 
  These files are :
  local_policy.jar
  US_export_policy.jar
 
  Regards
 
  2013/8/22 d...@sosnoski.com:
 
  Tomcat 7.0.40 seems to work well with TLS 1.2, forced by using a
  sslEnabledProtocols=TLSv1.2 attribute on the Connector. But I haven't
  been able to make it work with any of the SHA256/384 algorithms - they
  always show up in the Ignoring unsupported cipher suite list. I get the
  same thing happening when I try to use them from client code, so I know 
  it's
  not a Tomcat issue, but I'm hoping someone knows a workaround.
 
  Any suggestions?
 
  Thanks,
 
  - Dennis
 
 
 



Re: Tomcat 7 / Java 7 with TLS 1.2 algorithms

2013-08-22 Thread Aurélien Terrestris
Hello

I suppose you need to run your JVM with the unrestricted policy files (on both
client and server sides). You have to download them from Oracle website
for your java version, and replace the old.

These files are :
local_policy.jar
US_export_policy.jar

Regards

2013/8/22  d...@sosnoski.com:
 Tomcat 7.0.40 seems to work well with TLS 1.2, forced by using a 
 sslEnabledProtocols=TLSv1.2 attribute on the Connector. But I haven't 
 been able to make it work with any of the SHA256/384 algorithms - they always 
 show up in the Ignoring unsupported cipher suite list. I get the same thing 
 happening when I try to use them from client code, so I know it's not a 
 Tomcat issue, but I'm hoping someone knows a workaround.

 Any suggestions?

 Thanks,

   - Dennis






RE: Tomcat 7 / Java 7 with TLS 1.2 algorithms

2013-08-22 Thread Martin Gainty
what's supposed to happen:


The specified cipher in SSLCipherSuite is supposed to be enabled 
when specified within 

SSLCipherSuite=SHA256/384


to allow the Server to arbitrate the ordering of ciphers(instead of the client) 

SSLHonorCipherOrder=true


http://tomcat.apache.org/tomcat-7.0-doc/config/http.html


does this not work for you?


Martin Gainty 
__ 
Please do not alter or disrupt this transmission..Thank You

  



From: d...@sosnoski.com
Subject: Tomcat 7 / Java 7 with TLS 1.2 algorithms
To: users@tomcat.apache.org
CC: 
Date: Thu, 22 Aug 2013 04:41:54 -0400

Tomcat 7.0.40 seems to work well with TLS 1.2, forced by using a 
sslEnabledProtocols=TLSv1.2 attribute on the Connector. But I haven't been 
able to make it work with any of the SHA256/384 algorithms - they always show 
up in the Ignoring unsupported cipher suite list. I get the same thing 
happening when I try to use them from client code, so I know it's not a Tomcat 
issue, but I'm hoping someone knows a workaround.
 
Any suggestions?
 
Thanks,
 
  - Dennis
 

 

Re: Tomcat 7 / Java 7 with TLS 1.2 algorithms

2013-08-22 Thread Dennis Sosnoski
I've already done that, though as far as I can see that doesn't affect 
the digest algorithms (only the encryption options).


  - Dennis

On 08/23/2013 12:24 AM, Aurélien Terrestris wrote:

Hello

I suppose you need to run your JVM with the unrestricted policy files (on both
client and server sides). You have to download them from Oracle website
for your java version, and replace the old.

These files are :
local_policy.jar
US_export_policy.jar

Regards

2013/8/22  d...@sosnoski.com:

Tomcat 7.0.40 seems to work well with TLS 1.2, forced by using a sslEnabledProtocols=TLSv1.2 
attribute on the Connector. But I haven't been able to make it work with any of the SHA256/384 
algorithms - they always show up in the Ignoring unsupported cipher suite list. I get the 
same thing happening when I try to use them from client code, so I know it's not a Tomcat issue, but I'm 
hoping someone knows a workaround.

Any suggestions?

Thanks,

   - Dennis






Re: Tomcat 7 / Java 7 with TLS 1.2 algorithms

2013-08-22 Thread Aurélien Terrestris
According to RFC 5246 Appendix C (TLS 1.2), there is no SHA384. See :
http://www.ietf.org/rfc/rfc5246.txt

The JSSE Reference Guide also doesn't talk about this SHA384 as an
implementation requirement. See :
http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#impl

This means you have a problem with SHA256 only. Maybe it's easier to
test on client-side, with one of the following ciphers (that you find
on the same Reference Guide ) for example :

TLS_DH_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Let me know if this works, or I will try to test by myself with my own client.



2013/8/22 Dennis Sosnoski d...@sosnoski.com:
 I've already done that, though as far as I can see that doesn't affect the
 digest algorithms (only the encryption options).

   - Dennis


 On 08/23/2013 12:24 AM, Aurélien Terrestris wrote:

 Hello

 I suppose you need to run your JVM with the unrestricted policy files (on
 both client and server sides). You have to download them from Oracle
 website for your java version, and replace the old.

 These files are :
 local_policy.jar
 US_export_policy.jar

 Regards

 2013/8/22  d...@sosnoski.com:

 Tomcat 7.0.40 seems to work well with TLS 1.2, forced by using a
 sslEnabledProtocols=TLSv1.2 attribute on the Connector. But I haven't
 been able to make it work with any of the SHA256/384 algorithms - they
 always show up in the Ignoring unsupported cipher suite list. I get the
 same thing happening when I try to use them from client code, so I know it's
 not a Tomcat issue, but I'm hoping someone knows a workaround.

 Any suggestions?

 Thanks,

- Dennis




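A client-side check along the lines suggested in the message above, as an added example that is not part of the original thread: it reports whether the unrestricted policy files are in effect and which SHA-256/SHA-384 suites the JVM's JSSE provider offers for a TLSv1.2 context. The class name TlsSuiteCheck is an assumption; the two suite names are the ones quoted in the thread.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Added example (hypothetical class name). Written without Java 8 features
// so it compiles on the Java 7 runtime discussed in the thread.
public class TlsSuiteCheck {

    // The two suites suggested in the thread for a client-side test.
    static final String[] SUGGESTED = {
        "TLS_DH_RSA_WITH_AES_256_CBC_SHA256",
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"
    };

    // Keep only suites whose name ends in a SHA-256 or SHA-384 hash.
    static List<String> sha2Suites(String[] suites) {
        List<String> out = new ArrayList<String>();
        for (String s : suites) {
            if (s.endsWith("_SHA256") || s.endsWith("_SHA384")) {
                out.add(s);
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("java.home    = " + System.getProperty("java.home"));

        // With the default (limited) policy jars this is 128 for AES; with
        // local_policy.jar / US_export_policy.jar replaced it is Integer.MAX_VALUE.
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("max AES key length = "
                + (maxAes == Integer.MAX_VALUE ? "unlimited" : maxAes + " bits"));

        // Default key managers, trust managers and SecureRandom are enough
        // to enumerate suites; no connection is made.
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null);
        SSLEngine engine = ctx.createSSLEngine();
        engine.setEnabledProtocols(new String[] {"TLSv1.2"});

        List<String> supported = Arrays.asList(engine.getSupportedCipherSuites());
        List<String> enabled = Arrays.asList(engine.getEnabledCipherSuites());

        System.out.println("JSSE provider = " + ctx.getProvider().getName());
        System.out.println("SHA-256/384 suites supported by this provider:");
        for (String s : sha2Suites(engine.getSupportedCipherSuites())) {
            System.out.println("  " + s + (enabled.contains(s) ? "  [enabled by default]" : ""));
        }

        for (String s : SUGGESTED) {
            System.out.println(s + ": "
                    + (supported.contains(s) ? "supported" : "NOT supported by this provider"));
        }
    }
}
```

Run it with the same java binary that starts Tomcat, so the policy files and provider list it reports are the ones the Connector actually sees.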


RE: Tomcat 7 / Java 7 with TLS 1.2 algorithms

2013-08-22 Thread Martin Gainty
point of confusion Eric Rescorla specifically cites SHA384 in his cipher 
examples for TLS 1.2 Update

http://www.ietf.org/rfc/rfc5246.txt
http://www.ietf.org/proceedings/70/slides/tls-0.pdf

Kuat Eshengazin used bltest as a test harness for SHA384
 
bltest -R -m prf_sha384 -k tests/prf_sha384/key0 -t
tests/prf_sha384/seed0 -h -g 148 -x

https://bugzilla.mozilla.org/show_bug.cgi?id=480514
 
Is this incorrect?
Martin 
__ 
Please do not alter or disrupt this transmission..Thank You

  


 Date: Thu, 22 Aug 2013 14:53:55 +0100
 Subject: Re: Tomcat 7 / Java 7 with TLS 1.2 algorithms
 From: aterrest...@gmail.com
 To: users@tomcat.apache.org
 
 According to RFC 5246 Appendix C (TLS 1.2), there is no SHA384. See :
 http://www.ietf.org/rfc/rfc5246.txt
 
 The JSSE Reference Guide also doesn't talk about this SHA384 as an
 implementation requirement. See :
 http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#impl
 
 This means you have a problem with SHA256 only. Maybe it's easier to
 test on client-side, with one of the following ciphers (that you find
 on the same Reference Guide ) for example :
 
 TLS_DH_RSA_WITH_AES_256_CBC_SHA256
 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
 
 Let me know if this works, or I will try to test by myself with my own client.
 
 
 
 2013/8/22 Dennis Sosnoski d...@sosnoski.com:
  I've already done that, though as far as I can see that doesn't affect the
  digest algorithms (only the encryption options).
 
  - Dennis
 
 
  On 08/23/2013 12:24 AM, Aurélien Terrestris wrote:
 
  Hello
 
  I suppose you need to run your JVM with the unrestricted policy files (on
  both client and server sides). You have to download them from Oracle
  website for your java version, and replace the old.
 
  These files are :
  local_policy.jar
  US_export_policy.jar
 
  Regards
 
  2013/8/22 d...@sosnoski.com:
 
  Tomcat 7.0.40 seems to work well with TLS 1.2, forced by using a
  sslEnabledProtocols=TLSv1.2 attribute on the Connector. But I haven't
  been able to make it work with any of the SHA256/384 algorithms - they
  always show up in the Ignoring unsupported cipher suite list. I get the
  same thing happening when I try to use them from client code, so I know 
  it's
  not a Tomcat issue, but I'm hoping someone knows a workaround.
 
  Any suggestions?
 
  Thanks,
 
  - Dennis
 
 
 