I installed Tomcat-7 7.0.42 in OpenSUSE 13.1, configured support for
TLSv1.2. I then configured a list of strong ciphers only, that I wanted to
use.
Connector port=8443
protocol=org.apache.coyote.http11.Http11NioProtocol maxThreads=150
clientAuth=false SSLEnabled=true scheme=https secure=true
Application Data, length = 11472
If I also add the following ciphers:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Then my little Java program uses only these and not the GCM ciphers.
2014-05-21 12:21 GMT+02:00 Sverre Moe sverre@gmail.com:
I installed Tomcat-7
)112TLS_RSA_WITH_RC4_128_SHA (0x5)128TLS_RSA_WITH_RC4_128_MD5 (0x4)128(*)
Cannot be used for Forward Secrecy because they require DSS keys, which are
effectively limited to 1024 bits.
2014-05-21 21:24 GMT+02:00 Sverre Moe sverre@gmail.com:
Setting only these ciphers in the JSSE connector
and no SHA384.
2014-05-23 0:53 GMT+02:00 Igor Cicimov icici...@gmail.com:
On 21/05/2014 8:22 PM, Sverre Moe sverre@gmail.com wrote:
I installed Tomcat-7 7.0.42 in OpenSUSE 13.1, configured support for
TLSv1.2. I then configured a list of strong ciphers only, that I wanted
to
use
, Sverre Moe sverre@gmail.com wrote:
I have found out that the connector can use these ciphers, but Chromium
can't.
I wrote a small Java program that makes a HttpsConnection with Tomcat
without problem.
Output with -Djavax.net.debug=ssl
main, WRITE: TLSv1.2 Change Cipher Spec
10:00 GMT+02:00 Igor Cicimov icici...@gmail.com:
On 23/05/2014 5:43 PM, Sverre Moe sverre@gmail.com wrote:
I am using the following ciphers in Tomcat:
ciphers=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
...@gmail.com:
On 24/05/2014 1:15 AM, Sverre Moe sverre@gmail.com wrote:
NIO does support them according to the java documentation.
I was refering to cipher order and tomcat7 connector documentation where
only the apr connector supports the option SSLHonorCipherOrder
http://tomcat.apache.org
will never choose a GCM cipher because they are last in the list.
2014-05-26 3:34 GMT+02:00 Tim Whittington t...@apache.org:
On 21/05/2014, at 10:21 pm, Sverre Moe sverre@gmail.com wrote:
snip
ciphers=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA265
since I am running
SLES (which has an old version of OpenSSL).
2014-05-26 11:25 GMT+02:00 Tim Whittington t...@apache.org:
On 26/05/2014, at 6:58 pm, Sverre Moe sverre@gmail.com wrote:
Documentation aside, none of these cipher-suites are supported in Oracle
Java 7.
The AES_CBC ciphers
Schultz ch...@christopherschultz.net
:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Tim,
On 5/25/14, 9:34 PM, Tim Whittington wrote:
On 21/05/2014, at 10:21 pm, Sverre Moe sverre@gmail.com
wrote:
snip
ciphers=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
10 matches
Mail list logo