Tomcat 7 cannot get ciphers with SHA256 or SHA384

2014-05-21 Thread Sverre Moe
I installed Tomcat-7 7.0.42 in OpenSUSE 13.1, configured support for TLSv1.2. I then configured a list of strong ciphers only, that I wanted to use.
Connector port=8443 protocol=org.apache.coyote.http11.Http11NioProtocol maxThreads=150 clientAuth=false SSLEnabled=true scheme=https secure=true

Re: Tomcat 7 cannot get ciphers with SHA256 or SHA384

2014-05-21 Thread Sverre Moe
Application Data, length = 11472 If I also add the following ciphers: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Then my little Java program uses only these and not the GCM ciphers. 2014-05-21 12:21 GMT+02:00 Sverre Moe sverre@gmail.com: I installed Tomcat-7

Re: Tomcat 7 cannot get ciphers with SHA256 or SHA384

2014-05-21 Thread Sverre Moe
) 112
TLS_RSA_WITH_RC4_128_SHA (0x5) 128
TLS_RSA_WITH_RC4_128_MD5 (0x4) 128
(*) Cannot be used for Forward Secrecy because they require DSS keys, which are effectively limited to 1024 bits.
2014-05-21 21:24 GMT+02:00 Sverre Moe sverre@gmail.com: Setting only these ciphers in the JSSE connector

Re: Tomcat 7 cannot get ciphers with SHA256 or SHA384

2014-05-23 Thread Sverre Moe
and no SHA384. 2014-05-23 0:53 GMT+02:00 Igor Cicimov icici...@gmail.com: On 21/05/2014 8:22 PM, Sverre Moe sverre@gmail.com wrote: I installed Tomcat-7 7.0.42 in OpenSUSE 13.1, configured support for TLSv1.2. I then configured a list of strong ciphers only, that I wanted to use

Re: Tomcat 7 cannot get ciphers with SHA256 or SHA384

2014-05-23 Thread Sverre Moe
, Sverre Moe sverre@gmail.com wrote: I have found out that the connector can use these ciphers, but Chromium can't. I wrote a small Java program that makes a HttpsConnection with Tomcat without problem. Output with -Djavax.net.debug=ssl main, WRITE: TLSv1.2 Change Cipher Spec

Re: Tomcat 7 cannot get ciphers with SHA256 or SHA384

2014-05-23 Thread Sverre Moe
10:00 GMT+02:00 Igor Cicimov icici...@gmail.com: On 23/05/2014 5:43 PM, Sverre Moe sverre@gmail.com wrote: I am using the following ciphers in Tomcat: ciphers=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

Re: Tomcat 7 cannot get ciphers with SHA256 or SHA384

2014-05-24 Thread Sverre Moe
...@gmail.com: On 24/05/2014 1:15 AM, Sverre Moe sverre@gmail.com wrote: NIO does support them according to the java documentation. I was referring to cipher order and tomcat7 connector documentation where only the apr connector supports the option SSLHonorCipherOrder http://tomcat.apache.org

Re: Tomcat 7 cannot get ciphers with SHA256 or SHA384

2014-05-26 Thread Sverre Moe
will never choose a GCM cipher because they are last in the list. 2014-05-26 3:34 GMT+02:00 Tim Whittington t...@apache.org: On 21/05/2014, at 10:21 pm, Sverre Moe sverre@gmail.com wrote: snip ciphers=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA265

Re: Tomcat 7 cannot get ciphers with SHA256 or SHA384

2014-05-26 Thread Sverre Moe
since I am running SLES (which has an old version of OpenSSL). 2014-05-26 11:25 GMT+02:00 Tim Whittington t...@apache.org: On 26/05/2014, at 6:58 pm, Sverre Moe sverre@gmail.com wrote: Documentation aside, none of these cipher-suites are supported in Oracle Java 7. The AES_CBC ciphers

Re: Tomcat 7 cannot get ciphers with SHA256 or SHA384

2014-05-26 Thread Sverre Moe
Schultz ch...@christopherschultz.net: Tim, On 5/25/14, 9:34 PM, Tim Whittington wrote: On 21/05/2014, at 10:21 pm, Sverre Moe sverre@gmail.com wrote: snip ciphers=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384