tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: SSL cipher to use for HTTPS
Date Fri, 04 Nov 2005 22:43:07 GMT
As I recall, if the cipher suite isn't recognised, it doesn't get 
added so I am guessing that ciphers="bf-cbc" is not the name of a 
support cipher suite. They usually look something like 
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA

Mark

Zoltán FARKAS wrote:
>   Hi All,
> 
>  I've got an 5.0.28 Tomcat installation functioning as a web serverver. I've commented
out the SSL part to get HTTPS connections.
>  Next step I've tried to set the used cipher to something else (by default 128 bit AES
is used, I'd like to get something faster, bf-cbc). So I've added 'ciphers="bf-cbc"' to the
SSL connector part as written on http://tomcat.apache.org/tomcat-5.0-doc/ssl-howto.html
>  It looks like:
> ...
>    <Connector port="7433" 
>                maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>                enableLookups="false" disableUploadTimeout="true"
>                acceptCount="100" debug="99" scheme="https" secure="true"
>                clientAuth="false" sslProtocol="SSL" ciphers="bf-cbc" keystorePass="portal"
/>
> ...
> What I get is:
> ...
> Nov 4, 2005 4:31:44 PM org.apache.coyote.http11.Http11Protocol start
> INFO: Starting Coyote HTTP/1.1 on http-7070
> Nov 4, 2005 4:31:44 PM org.apache.coyote.http11.Http11Protocol start
> SEVERE: Error starting endpoint
> java.lang.IllegalArgumentException: CipherSuites may not be null
>         at com.sun.net.ssl.internal.ssl.CipherSuiteList.<init>(DashoA12275)
>         at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.setEnabledCipherSuites(DashoA12275)
>         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.initServerSocket(JSSESocketFactory.java:355)
>         at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:90)
>         at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:259)
>         at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java:281)
>         at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:171)
>         at org.apache.coyote.tomcat5.CoyoteConnector.start(CoyoteConnector.java:1527)
>         at org.apache.catalina.core.StandardService.start(StandardService.java:489)
>         at org.apache.catalina.core.StandardServer.start(StandardServer.java:2313)
>         at org.apache.catalina.startup.Catalina.start(Catalina.java:556)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:324)
>         at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287)
>         at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425)
> Nov 4, 2005 4:31:44 PM org.apache.catalina.startup.Catalina start
> SEVERE: Catalina.start: 
> LifecycleException:  Protocol handler start failed: java.lang.IllegalArgumentException:
CipherSuites may not be null
>         at org.apache.coyote.tomcat5.CoyoteConnector.start(CoyoteConnector.java:1529)
>         at org.apache.catalina.core.StandardService.start(StandardService.java:489)
>         at org.apache.catalina.core.StandardServer.start(StandardServer.java:2313)
>         at org.apache.catalina.startup.Catalina.start(Catalina.java:556)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:324)
>         at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287)
>         at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425)
> Nov 4, 2005 4:31:44 PM org.apache.catalina.startup.Catalina start
> 
> 
> Any ideas?
> Thanks,
> 
>         Zoltan
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> 




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message