-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Steffen,
On 7/18/16 10:54 AM, Steffen Heil (Mailinglisten) wrote: >> With jdk 1.8.0.45 our ldap communication is giving results. As >> soon as we change tomcat to use jdk1.8.0_51, I am getting below >> exception. I am not sure security changes in jdk 1.8.0_51 >> preventing the ldap certificate loaded in cacerts in java not >> communicating properly to our ldap server. > > I am not sure that this related, be we were having issues after > updating from 1.8.0_31 to 1.8.0_72 with certificates signed by > root-cas that have a md5 signature. While the CA signature in the > CA certificate does not provide any security, a bug in the jre > rejected the certificate even though the certificate itself was > signed with sha1. Maybe this is related. Do you mean rejecting SHA-1 signatures instead of SHA-256? MD5 hasn't been used for certificate signatures for quite a few years. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJXjPBXAAoJEBzwKT+lPKRYqGoQAIFnEQIDqvnzj2TXHgvFXM58 IiQqbbUE7jo0eUwHoIWoaozuqUscrylbEPNXR8/lL/4xX6f7usMGMV3Pnivixtw2 7geQbe9BX6RrijT5SvVz+DjaLDH8n1zUpEzWwMKxcpCHuHOSVby9CH82pXMmiTXO EaR+tU6X6X5f/nsUx3wCfJ+CEI4+71gpYlXrkMgP24wgXmnB4eVi9Tnmr5jrdE+0 Kh+xZA7kjaQCjVat78YKqHWVprb/lAn3mobzFlg49FB5Dmlv+pSO26646YBvM1yq luQVo8ztMPEEAJSBKefB/1CvgFgmUH3dDIwwNoZAIiqoo3lIejy1V0BoucKLYi2Z BAueBoZELjldM1XG3v5M4MNmFgSGyUlr0j/alc/FD6OC/lOMh4iNrc32fX9yGVcu hvqYDUwfyGoqJc9xSCNOtGApnQYdZYJcLmp4YjYg+2qAafF2DOmQy6bMv3YWq3ZW gZ5kyhikfyeupVYmsFEBLpXWqCq4KwWqDZFlexLM+vvngJr/48dO+iaL7UgGFT/G elXXa7ASZx4aKU8HoYAhGqMs7KuysRg51DNpaS9LyXdCjwlwGOJq8KrcSx62iwiP QuXjcvRqVeYuQq5tlkCHb8zq0y2M5YBfXtKe1RAAGegzD2FMTHTrsnzeyHkb0O/C yQ23NPOZSZaLPLdnBjdu =760x -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org