On 10/10/2017 1:20 AM, Peter Kreuser wrote:
Christopher,
A good read on the appropriate (openssl) cipher string that I use can be found
here:
https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
Hynek explains the whys and don'ts and updates the string on a regular basis!
HTH
On 10/9/17, 2:19 PM, Christopher Schultz (Tomcat List guru) wrote (with
regard to a "ciphers" clause in a connector tag):
. . .
You need to list everything.
. . .
Ok. I really didn't need a command-line tool (thanks, though, on behalf
of whoever actually does end up needing one); just an
Christopher,
Peter Kreuser
> Am 10.10.2017 um 00:14 schrieb Christopher Schultz
> :
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> James,
>
>> On 10/9/17 5:19 PM, Christopher Schultz wrote:
>>> On 10/6/17 6:34 PM, James H. H. Lampert wrote:
>>>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
James,
On 10/9/17 5:19 PM, Christopher Schultz wrote:
> On 10/6/17 6:34 PM, James H. H. Lampert wrote:
>> Noting that my connector tag is written using Tomcat 7 connector
>> syntax, is there a good example of how to code a ciphers clause
>> for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
James,
On 10/6/17 6:34 PM, James H. H. Lampert wrote:
> On 10/6/17, 6:58 AM, Mark Thomas (Tomcat List) wrote:
>
>> It might help to think of it like this:
>>
>> There are the ciphers that a JVM supports. The JVM only enables
>> sub-set of the
James,
> On 10/6/17, 6:58 AM, Mark Thomas (Tomcat List) wrote:
>
>> It might help to think of it like this:
>>
>> There are the ciphers that a JVM supports.
>> The JVM only enables sub-set of the supported ciphers are enabled by
>> default.
>> Tomcat with a default configuration only uses a
On 10/6/17, 6:58 AM, Mark Thomas (Tomcat List) wrote:
It might help to think of it like this:
There are the ciphers that a JVM supports.
The JVM only enables sub-set of the supported ciphers are enabled by
default.
Tomcat with a default configuration only uses a sub-set of the ciphers
that the
On 05/10/17 18:52, James H. H. Lampert wrote:
> This just keeps getting weirder.
>
> Late yesterday afternoon, I did a lengthy "stare-and-compare" between
> what SSLInfo returned for the two different Tomcat servers, and I
> couldn't find any differences. But then, I got called away from this on
This just keeps getting weirder.
Late yesterday afternoon, I did a lengthy "stare-and-compare" between
what SSLInfo returned for the two different Tomcat servers, and I
couldn't find any differences. But then, I got called away from this on
something that kept me in the office until after 7
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
James,
On 10/4/17 3:44 PM, James H. H. Lampert wrote:
> On 10/4/17, 12:26 PM, Christopher Schultz wrote:
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256
>>
>> James,
> . . .
>> Okay so you are in no way interfering with the defaults. That
>>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
James,
On 10/4/17 12:54 PM, James H. H. Lampert wrote:
> On the HTTPAPI/FTPAPI list, I was told that HTTPAPI uses the
> operating system's SSL support (which was how I thought it worked),
> and directed to look through the system values to see what
On 10/4/17, 12:26 PM, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
James,
. . .
Okay so you are in no way interfering with the defaults. That means
you'll get (depending upon your exact versions of various things) a
Tomcat which supports TLSv1 or later, and most
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
James,
On 10/4/17 3:15 PM, James H. H. Lampert wrote:
> Christopher Schultz (Tomcat list guru) wrote:
/me bows
>> Looks like your server only has ECDHE-based suites available, and
>> the client supports none of those. Can you post your
>>
Christopher Schultz (Tomcat list guru) wrote:
Looks like your server only has ECDHE-based suites available, and the
client supports none of those. Can you post your
configuration from conf/server.xml?
Yes, and I can also post something else.
I found the Java source for your own "SSLInfo"
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
James,
On 10/4/17 12:54 PM, James H. H. Lampert wrote:
> I wrote:
>>> I mean, I know that I need to get HTTPAPI and Tomcat speaking
>>> the same language, but where do I begin?
> Here's what I got back when I ran the SSLLabs server test on the
>
I wrote:
I mean, I know that I need to get HTTPAPI and Tomcat speaking the
same language, but where do I begin?
Here's what I got back when I ran the SSLLabs server test on the cloud
server:
Protocols
TLS 1.3 No
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3 No
I wrote:
I mean, I know that I need to get HTTPAPI and Tomcat speaking the
same language, but where do I begin?
Christopher Schultz (Tomcat List) wrote:
First, I would check to see what Tomcat is actually advertising.
There are several ways to do that. One of them is to use Qualys's
SSLLabs
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
James,
On 10/3/17 5:52 PM, James H. H. Lampert wrote:
> Dear Mr. Klement, and members of the Tomcat List:
>
> I have a series of AS/400 programs using HTTPAPI to access
> services hosted by a webapp running under Tomcat.
>
> Up until now, I've
Dear Mr. Klement, and members of the Tomcat List:
I have a series of AS/400 programs using HTTPAPI to access services
hosted by a webapp running under Tomcat.
Up until now, I've only tested this configuration with Tomcat 7, running
on a local Linux (CentOS) box, and the last time I tested
19 matches
Mail list logo