tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Tomcat Wiki] Update of "Security/Ciphers" by markt
Date Thu, 31 Mar 2016 20:33:55 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification.

The "Security/Ciphers" page has been changed by markt:
https://wiki.apache.org/tomcat/Security/Ciphers?action=diff&rev1=17&rev2=18

Comment:
Add the results for Tomcat 6 and JSSE

  == BIO/NIO/NIO2 with JSSE Results (Default) ==
  
  ||            || Java 5 || Java 6 || Java 7 || Java 8 ||
- || Tomcat 6   ||   C    ||   C    ||   C    ||   B    ||
+ || Tomcat 6   ||   C    ||   C    ||   A    ||   A    ||
  || Tomcat 7   ||  N/A   ||   C    ||   A    ||   A    ||
  || Tomcat 8   ||  N/A   ||  N/A   ||   A    ||   A    ||
  || Tomcat 8.5 ||  N/A   ||  N/A   ||   A    ||   A    ||
@@ -15, +15 @@

  
  Note: These results were obtained using the JCE Unlimited Strength Jurisdiction Policy Files
  
- Note: The Java 6 results are capped at C because Java 6 does not support TLS 1.1 or 1.2.
+ Note: The Java 5 and 6 results are capped at C because neither Java 5 nor 6 support TLS
1.1 or 1.2.
  
  The equivalent OpenSSL cipher configurations used to obtain the above results are:
  
+ || Java 5 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!DHE ||
  || Java 6 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!DHE ||
  || Java 7 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!DHE ||
  || Java 8 || HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA ||
@@ -33, +34 @@

  || Tomcat 8.5 ||  N/A   ||  N/A   ||   A    ||   A    ||
  || Tomcat 9   ||  N/A   ||  N/A   ||  N/A   ||   A    ||
  
+ The OpenSSL cipher configuration used was '''HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA'''.
Up-to-date selection of secure cipher suites in OpenSSL format is available at [[https://wiki.mozilla.org/Security/Server_Side_TLS|Mozilla
wiki]].
  
  Note: JSSE+OpenSSL and JSSE config requires a 1.2.6 tc-native release to achieve an A since,
without it, the full certificate chain is not presented to the client.
  

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message