RE: Tomcat 4.01 SSL - how to reduce the encription strength
Hi Franco, When you create the certificate, instead of entering your first/last name, enter the domain of your server (e.g. localhost or www.mysite.com). This is the CN (Common Name) of the certificate. Note that you will still get a warning about the issuer of the certificate. If you accept the certificate permanently, you will not see the warning in the future. You may also try using wild card certificates such as '*.mycompany.com' though I think that IE does not support it any more (which requires you to purchase more certificates from Verisign and their other buddies). Tal -Original Message- From: Miao, Franco CAWS:EX [mailto:[EMAIL PROTECTED]] Sent: Sunday, November 25, 2001 9:35 PM To: '[EMAIL PROTECTED]' Cc: Tomcat Users List Subject: Tomcat 4.01 SSL - how to reduce the encription strength Hi there, did you get any message like The name of the security certificate is invalid or does not match the name of the site with your self-signed certificate? I have made one for testing, but got that message. Let me know if you didn't get that. Franco -Original Message- From: Tal Dayan [mailto:[EMAIL PROTECTED]] Sent: Sunday, November 25, 2001 9:25 PM To: Tomcat Users List Subject: Tomcat 4.01 SSL - how to reduce the encription strength Hello, We are using Tomcat 4.01 standalone with self signed certificate and all works just great. When we connect from IE, the browser indicates that the encryption is 128 bit long. Is there a way to instruct Tomcat to use a weaker encryption? Our motivation is to reduce the CPU overhead since the data in that specific system is not THAT important. Thanks, Tal -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: Tomcat 4.01 SSL - how to reduce the encription strength
Typically, the browser and the server negotiate for the highest level of encryption available for both. If you reduce it on one side, it will affect both. The question is how to reduce the cipher list of Tomcat. The source code seems to enable any cipher that is available to it. Tal -Original Message- From: William Tansill [mailto:[EMAIL PROTECTED]] Sent: Sunday, November 25, 2001 9:46 PM To: Tomcat Users List Subject: RE: Tomcat 4.01 SSL - how to reduce the encription strength I believe that the cipher strength is built into the browser. If I click Help/About on my copy of IE, it tells me it's using 128 bit encryption, even though I'm not connected to anything. -Original Message- From: Tal Dayan [mailto:[EMAIL PROTECTED]] Sent: Monday, November 26, 2001 0:25 AM To: Tomcat Users List Subject: Tomcat 4.01 SSL - how to reduce the encription strength Hello, We are using Tomcat 4.01 standalone with self signed certificate and all works just great. When we connect from IE, the browser indicates that the encryption is 128 bit long. Is there a way to instruct Tomcat to use a weaker encryption? Our motivation is to reduce the CPU overhead since the data in that specific system is not THAT important. Thanks, Tal -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: Tomcat 4.01 SSL - how to reduce the encription strength
I believe that the cipher strength is built into the browser. If I click Help/About on my copy of IE, it tells me it's using 128 bit encryption, even though I'm not connected to anything. -Original Message- From: Tal Dayan [mailto:[EMAIL PROTECTED]] Sent: Monday, November 26, 2001 0:25 AM To: Tomcat Users List Subject: Tomcat 4.01 SSL - how to reduce the encription strength Hello, We are using Tomcat 4.01 standalone with self signed certificate and all works just great. When we connect from IE, the browser indicates that the encryption is 128 bit long. Is there a way to instruct Tomcat to use a weaker encryption? Our motivation is to reduce the CPU overhead since the data in that specific system is not THAT important. Thanks, Tal -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]