Re: Enforcing server preference for cipher suites

2017-10-13 Thread Harish Krishnan
Hi Chris, thanks for sharing your opinion. Just my last comment here to close this thread. BSAFE is anyways EOL now (or will be soon). We are already working on a replacement. Currently we are using the latest and greatest version of BSAFE with extended support. Once again, thank you all for the

Re: Enforcing server preference for cipher suites

2017-10-12 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Harish, On 10/12/17 10:55 AM, Harish Krishnan wrote: > Thank you all for the help and responses. We figured out what the > problem was. What I did was correct in terms of the attribute > setting, the tomcat version used and the JRE version used.

Re: Enforcing server preference for cipher suites

2017-10-12 Thread Harish Krishnan
Thank you all for the help and responses. We figured out what the problem was. What I did was correct in terms of the attribute setting, the tomcat version used and the JRE version used. However, I did not realize our JRE is running in FIPs mode using RSA BSAFE as the crypto provider. When I

Re: Enforcing server preference for cipher suites

2017-10-11 Thread Harish Krishnan
Thanks for the response, Konstantin. If debugging the tomcat code is the only option, then I will plan to do it sometime soon as it is bit additional work for me. We just use the tomcat binaries In our application. Meanwhile, if anybody have any other suggestions, that is greatly appreciated.

Re: Enforcing server preference for cipher suites

2017-10-10 Thread Konstantin Kolinko
2017-10-09 19:31 GMT+03:00 Harish Krishnan : > Hi All, > > Need your expert input here. > Not sure what I am doing wrong, but I cannot get this server preference > cipher suites feature working. > > My setup: > Latest tomcat 7.x build (which supports

Re: Enforcing server preference for cipher suites

2017-10-10 Thread Harish Krishnan
Thanks for the response, Peter. The client is not doing anything other than a simple https connection to tomcat. The cipher sites used by the client is the default JRE 1.8 cipher suites. I have not configured or requesting for any particular cipher suite when connecting to Tomcat. During the

Re: Enforcing server preference for cipher suites

2017-10-10 Thread Peter Kreuser
Harish, > Am 10.10.2017 um 00:00 schrieb Harish Krishnan : > > Thanks for the response, Chris. > > Below are my answers in order. > To keep the response as short as possible, i have not included the ciphers > list in the connector - > > a) Tomcat 7.0.79 (will be updating

Re: Enforcing server preference for cipher suites

2017-10-09 Thread Harish Krishnan
Thanks for the response, Chris. Below are my answers in order. To keep the response as short as possible, i have not included the ciphers list in the connector - a) Tomcat 7.0.79 (will be updating to 7.0.82) b) JRE 1.80_144 c) Our connector configuration is below. d) We are using NIO. e) I am

Re: Enforcing server preference for cipher suites

2017-10-09 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Harish, On 10/9/17 12:31 PM, Harish Krishnan wrote: > Need your expert input here. Not sure what I am doing wrong, but I > cannot get this server preference cipher suites feature working. > > My setup: Latest tomcat 7.x build (which supports >