tomcat-dev mailing list archives

From Eric Rescorla <...@rtfm.com>
Subject Re: Diffie Hellman
Date Thu, 01 Aug 2002 18:51:38 GMT
Pier Fumagalli <pier@betaversion.org> writes:

> "scieck@btopenworld.com" <scieck@btopenworld.com> wrote:
> 
> > Hi,
> > does Tomcat support the Diffie-Hellman Key Agreement Method, when it is ssl
> > enabled?
> > If not, is it possible to make Tomcat-ssl use Diffie-Hellman instead of RSA,
> > so that Tomcat does not need a certificate when started in ssl mode?
> 
> I believe it depends on JSSI to do the cypher negotiation.

Both JSSE and PureTLS have support for normal DH. JSSE has support
for anonymous DH but PureTLS does not yet.

That said, you're probably better off using self-signed RSA
certificates since a fair number of SSL/TLS implementations
do not support anonymous DH (e.g. almost no browsers do.)

-Ekr

-- 
[Eric Rescorla                                   ekr@rtfm.com]
                http://www.rtfm.com/
