geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "amlan.geronimo" <amlan.geron...@gmail.com>
Subject How to use 2048-bit Diffie-Hellman group at geronimo configuration
Date Thu, 07 Apr 2016 17:38:15 GMT
Hi All,

I am Amlan working as Apache Geronimo Administrator. 

Could you please help me that How could I do following two things at Apache
Geronimo Application servers 2.1.4 & 2.1.8

1. How disable support for export cipher suites at Apache Geronimo
2.1.4/2.1.8 application server?

2. How to generate a unique 2048-bit Diffie-Hellman group and use it at
Apache Geronimo 2.1.4/2.1.8 within config.xml

At my config.xml file I see TLS defined in two location:

1...

<gbean name="TomcatWebSSLConnector">
            <attribute name="host">${ServerHostname}</attribute>
            <attribute name="port">${HTTPSPort + PortOffset}</attribute>
            <attribute name="maxHttpHeaderSize">8192</attribute>
            <attribute name="maxThreads">150</attribute>
            <attribute name="minSpareThreads">25</attribute>
            <attribute name="maxSpareThreads">75</attribute>
            <attribute name="enableLookups">false</attribute>
            <attribute name="acceptCount">100</attribute>
            <attribute name="disableUploadTimeout">false</attribute>
            <attribute name="clientAuth">false</attribute>
            <attribute name="algorithm">Default</attribute>
            <attribute name="sslProtocol">TLS</attribute>
            <attribute
name="keystoreFile">var/security/keystores/geronimo-default</attribute>
            <attribute
name="keystorePass">{Simple}djgsfcjefdkcgh</attribute>
            <attribute name="keystoreType">JKS</attribute>
        </gbean>

2...

<gbean name="JMXSecureConnector">
            <attribute name="protocol">rmi</attribute>
            <attribute name="host">${ServerHostname}</attribute>
            <attribute name="port">${JMXSecurePort + PortOffset}</attribute>
            <attribute
name="urlPath">/jndi/rmi://${ServerHostname}:${NamingPort +
PortOffset}/JMXSecureConnector</attribute>
            <attribute name="algorithm">Default</attribute>
            <attribute name="secureProtocol">TLS</attribute>
            <attribute name="keyStore">geronimo-default</attribute>
            <attribute name="keyAlias">geronimo</attribute>
            <attribute name="trustStore">geronimo-default</attribute>
            <attribute name="clientAuth">false</attribute>
        </gbean>


Regards,

Amlan




--
View this message in context: http://apache-geronimo.328035.n3.nabble.com/How-to-use-2048-bit-Diffie-Hellman-group-at-geronimo-configuration-tp3990050.html
Sent from the Users mailing list archive at Nabble.com.

Mime
View raw message