Re: Disable low grade encryption

2008-02-06 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Max, Max Sevenfold wrote: | compression=on | compressionMinSize=2048 | noCompressionUserAgents=gozilla, traviata | compressableMimeType=text/html,text/xml,text/javascript,text/css,text/javascript,text/plain

Re: Disable low grade encryption

2008-02-06 Thread Max Sevenfold
Chris, Thank You. I just got solution from colleague. I was going to post it here. Installing unlimited strength cryptography policy fixed the problem. Cipher I posted is from Java6. I think all Tomcats with SSL must be running with such policy now. May be it is good to post it to tomcats ssl

Re: Disable low grade encryption

2008-02-06 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Max, Max Sevenfold wrote: | Chris, | | Thank You. I just got solution from colleague. I was going to post it here. Yes, please post your solution, including complete instructions. Post it under a new thread so folks who haven't been reading this

Re: Disable low grade encryption

2008-02-06 Thread Max Sevenfold
Chris, I already posted solution. I had to set unlimited strength cryptography policy. Unlimited strength JCE is available from Sun on same download page as JDK. There are 2 jar files that must be copied in $JDK_HOME/jre/lib/secuirty It so simple. Regards, Max Christopher Schultz wrote:

Disable low grade encryption

2008-02-05 Thread Max Sevenfold
Hello, I would like to disable low grade encryption in Tomcat. I have cert that uses 256/1024bit encryption with Apache but same cert with tomcat uses 128/768bit encryption. The problem is public key size 768 bit that is no more considered secure by Opera. The problem was discussed here

Re: Disable low grade encryption

2008-02-05 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Max, Max Sevenfold wrote: | I would like to disable low grade encryption in Tomcat. Are you using Tomcat's native APR library? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http

Re: Disable low grade encryption

2008-02-05 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Max, Max Sevenfold wrote: | Right now I am using pure Java solution with keystore. | I am debating to move to APR. What version of Tomcat are you using? Can you post your Connector configuration from server.xml? That would be very helpful in

Re: Disable low grade encryption

2008-02-05 Thread Max Sevenfold
Chris, tomcat 6.0.14 java 6 Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS compression=on compressionMinSize=2048