Re: 8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

2017-06-30 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Todd, On 6/30/17 1:30 PM, Todd wrote: > Christopher Schultz-2 wrote >> Yup: if you use iptables (ipchains hasn't been used in ... >> decades?) to do port-redirection, then you are in fact hitting >> Tomcat / JVM (essentially) directly. > > Yes -

AW: 8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

2017-06-30 Thread logo
Todd >> Peter Kreuser wrote >>> >>> Can you provide a clean configuration that exhibits this behavior? >>> >>> What are you using to test the effective configuration? >> >> Another question: are you sure that you hit the Connector that you >> configure? Tomcat should be reasonably configured

Re: 8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

2017-06-30 Thread Todd
Christopher Schultz-2 wrote > Yup: if you use iptables (ipchains hasn't been used in ... decades?) > to do port-redirection, then you are in fact hitting Tomcat / JVM > (essentially) directly. Yes - iptables, sorry brain fart. Christopher Schultz-2 wrote > Can you confirm whether or not you

Re: 8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

2017-06-30 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Todd, On 6/30/17 10:21 AM, Todd wrote: > Peter Kreuser wrote >>> >>> Can you provide a clean configuration that exhibits this >>> behavior? >>> >>> What are you using to test the effective configuration? >> >> Another question: are you sure that

Re: 8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

2017-06-30 Thread Todd
Peter Kreuser wrote >> >> Can you provide a clean configuration that exhibits this behavior? >> >> What are you using to test the effective configuration? > > Another question: are you sure that you hit the Connector that you > configure? Tomcat should be reasonably configured in defaults with

Re: 8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

2017-06-26 Thread Peter Kreuser
Todd, Peter Kreuser Peter Kreuser > Am 26.06.2017 um 18:56 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Todd, > >> On 6/23/17 2:56 PM, Todd wrote: >> Thank you Peter - I tried that previously, and just to double

Re: 8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

2017-06-26 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Todd, On 6/23/17 2:56 PM, Todd wrote: > Thank you Peter - I tried that previously, and just to double check > tried it again. No difference at all. a set of ciphers is being > presented that do not match to the cipher list that I've included > at

Re: 8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

2017-06-23 Thread Todd
Todd wrote >> I'm experiencing the exact same issue with 8.5.14 - cipher list seems to >> be >> ignored, regardless of what I put in SSLAbs and validating via browser on >> my >> website a set of ciphers is used that I have not listed. >> >> I am able to change protocols (for instance, I can

Re: 8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

2017-06-23 Thread logo
Todd, > Am 23.06.2017 um 18:53 schrieb Todd >: > > I'm experiencing the exact same issue with 8.5.14 - cipher list seems to be > ignored, regardless of what I put in SSLAbs and validating via browser on my > website a set of ciphers is used that I

Re: AW: 8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

2017-06-23 Thread Todd
I'm experiencing the exact same issue with 8.5.14 - cipher list seems to be ignored, regardless of what I put in SSLAbs and validating via browser on my website a set of ciphers is used that I have not listed. I am able to change protocols (for instance, I can remove TLSv1 and the system

Re: AW: 8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

2017-04-27 Thread Mark Thomas
On 27/04/17 19:49, Dan Morrison wrote: > I'm still confused by JSSE vs OpenSSL. From all that I can figure I > think I'm setup for JSSE Ciphers ? (not counting the above test) The are two parts. Config style and implementation. As much as we can, we have tried to make all combinations work

Re: AW: 8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

2017-04-27 Thread Dan Morrison
On 04/27/2017 01:32 PM, Dan Morrison wrote: On 04/27/2017 10:57 AM, Kreuser, Peter wrote: Hi (WhoEverYouMayBe - you may want to sign with a name???), Server version:Apache Tomcat/8.5.11 Server built: Jan 10 2017 21:02:52 UTC Server number: 8.5.11.0 OS Name:

Re: AW: 8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

2017-04-27 Thread Dan Morrison
On 04/27/2017 10:57 AM, Kreuser, Peter wrote: Hi (WhoEverYouMayBe - you may want to sign with a name???), Server version:Apache Tomcat/8.5.11 Server built: Jan 10 2017 21:02:52 UTC Server number: 8.5.11.0 OS Name: Linux OS Version:

AW: 8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

2017-04-27 Thread Kreuser, Peter
Hi (WhoEverYouMayBe - you may want to sign with a name???), > Server version:Apache Tomcat/8.5.11 > Server built: Jan 10 2017 21:02:52 UTC > Server number: 8.5.11.0 > OS Name: Linux > OS Version:3.10.0-514.16.1.el7.x86_64 > Architecture:

8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

2017-04-27 Thread htsguru
Server version:Apache Tomcat/8.5.11 Server built: Jan 10 2017 21:02:52 UTC Server number: 8.5.11.0 OS Name: Linux OS Version:3.10.0-514.16.1.el7.x86_64 Architecture: amd64 Java Home: /usr/java/jdk1.8.0_121/jre JVM Version: