AW: A way for user to specify DH parameter to tomcat !
Hi Utkarsh >Von: Utkarsh Dave [mailto:utkarshkd...@gmail.com] >Gesendet: Donnerstag, 18. August 2016 08:18 >An: Tomcat Users List >Betreff: Re: A way for user to specify DH parameter to tomcat ! > >Thanks a lot Chris and Violeta. > >On Wed, Aug 17, 2016 at 1:59 PM, Utkarsh Dave>wrote: > >> Hi All, >> >> My project is using tomcat 7.0.70, JDK 1.7.0_101 and is based on linux OS >> We have been using BIO connectors. >> 1. I need help to find out how to provide user specified DH parameter to >> tomcat. >> 2. What all ciphers are categorized under modern ciphers ? >> >> Thanks for your time in advance. >> >> -Utkarsh >> You probably won't be able to set a higher DH Key Size than 1024bit on Java 7. With your java version at least the default is 1024bit. With Java 8 you can add the -D option (-Djdk.tls.ephemeralDHKeySize=2048) to the CATALINA_OPTS (in bin/setenv.sh). Best regards. Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: A way for user to specify DH parameter to tomcat !
Thanks a lot Chris and Violeta. On Wed, Aug 17, 2016 at 1:59 PM, Utkarsh Davewrote: > Hi All, > > My project is using tomcat 7.0.70, JDK 1.7.0_101 and is based on linux OS > We have been using BIO connectors. > 1. I need help to find out how to provide user specified DH parameter to > tomcat. > 2. What all ciphers are categorized under modern ciphers ? > > Thanks for your time in advance. > > -Utkarsh >
Re: A way for user to specify DH parameter to tomcat !
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Utkarsh, On 8/17/16 4:29 AM, Utkarsh Dave wrote: > Hi All, > > My project is using tomcat 7.0.70, JDK 1.7.0_101 and is based on > linux OS We have been using BIO connectors. 1. I need help to find > out how to provide user specified DH parameter to tomcat. I'm not sure you can do this with Tomcat 7. With Tomcat 8, using the APR connector can use the DH parameters from the certificate file itself . https://tomcat.apache.org/tomcat-8.0-doc/config/http.html#SSL_Support Search for "SSLCertificateFile". If you are able to use Tomcat 8.5, you can use DH params with any kind of connector. https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support_-_ Certificate Look for "certificateFile". Note you will need Java 8 to run Tomcat 8.5. > 2. What all ciphers are categorized under modern ciphers ? See Violeta's response. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJXtOGvAAoJEBzwKT+lPKRYEuUP/1K2Zs88uKjBBsKAwBRDX1Zk WUDbTt7c68VK0ahfU0B21DPDHCLa8sN4Ji8yK9pgYzZAE6JfyKOs6hWhO7IgWh0Z BODN1ux6yHjEc0sZrvkCyUbG9mzp3AYjB7AhqGd48tRJx0QzAmwLpG5HGYjdH/6B NyCBxADS7k5EOWYe1MmKQPbtgyO2t3wveV6mCTig6EcSm3v4unFgjgHiRNaSZrRc bvaKvHhPot1gTqZLCoQ1Rpx3RGUse5rqFta8jHsdHf2Tq8aEkyEGk1jggTFOCb8+ lpKNABfdLtFTC4HKSG8VY8c524bisbaJOmzq7fOsXnOIMN7abczQtmGPoEGc+7Vb gbcGPPuEh0wcvapZGG4L9iYsTB7EIQMGCHAYuhoDHhbEhvJAu5P8xtSkz9flgcJH 3EmNQVqn9IS5CG1Xj8FW/0o34xl86fkMx2lSBT+vRMXX+HwPO2DTnOQh9aKGS9FI Ayomb97HBnMpgUUDBLjxcF6aKQ+2/CSi/eVdrIcnPU7qgZq8FBRUwUcZ5Q7/sSAN xsf1Ez1jW+mMAxyX4wIrizDgEXDwnlnr8JCFZtDAKd0x1umX8ZyLzY0gQkacHWV6 1FVy5y62rILOoe+HgTmxhMDRmmcXGz/1FHPjqA+kYo2bjbU8vFdPetDkDO2Liydf o+jrnbet4VC4hD43fZVJ =Fkhf -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: A way for user to specify DH parameter to tomcat !
Thanks. By DH I mean "Diffie-Hellman parameters (secure DH-Cipher)". On Wed, Aug 17, 2016 at 3:31 PM, Violeta Georgievawrote: > Hi, > > 2016-08-17 11:29 GMT+03:00 Utkarsh Dave : > > > > Hi All, > > > > My project is using tomcat 7.0.70, JDK 1.7.0_101 and is based on linux OS > > We have been using BIO connectors. > > 1. I need help to find out how to provide user specified DH parameter to > > tomcat. > > 2. What all ciphers are categorized under modern ciphers ? > > Look at these pages > http://wiki.apache.org/tomcat/Security/Ciphers > http://wiki.apache.org/tomcat/HowTo/SSLCiphers > > Regards, > Violeta > > > > > Thanks for your time in advance. > > > > -Utkarsh >
Re: A way for user to specify DH parameter to tomcat !
Hi, 2016-08-17 11:29 GMT+03:00 Utkarsh Dave: > > Hi All, > > My project is using tomcat 7.0.70, JDK 1.7.0_101 and is based on linux OS > We have been using BIO connectors. > 1. I need help to find out how to provide user specified DH parameter to > tomcat. > 2. What all ciphers are categorized under modern ciphers ? Look at these pages http://wiki.apache.org/tomcat/Security/Ciphers http://wiki.apache.org/tomcat/HowTo/SSLCiphers Regards, Violeta > > Thanks for your time in advance. > > -Utkarsh
A way for user to specify DH parameter to tomcat !
Hi All, My project is using tomcat 7.0.70, JDK 1.7.0_101 and is based on linux OS We have been using BIO connectors. 1. I need help to find out how to provide user specified DH parameter to tomcat. 2. What all ciphers are categorized under modern ciphers ? Thanks for your time in advance. -Utkarsh