tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chad Joubert" <chad.joub...@gmail.com>
Subject Re: Tomcat 4 - Disable low level cipher
Date Fri, 24 Feb 2006 16:32:17 GMT
Mark,

Thank you for your help I am trying the names from the site you gave me
without the best results.  It takes time to restart and evaluate whether it
worked or not.  Is there a quidck way to tell what encryption is being
used.  I am using a third party scan.  Also, could you give me a example
string to go off of?

Thank you,
Chad


On 2/23/06, Mark Thomas <markt@apache.org> wrote:
>
> Chad Joubert wrote:
> > I have tried
> > several different string combinations using commas and collon dilimiters
> in
> > the server.xml file (ciphers=3D"*
> > ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM*")  but nothing
> seem=
> > s
> > to be working.  I have searched and found a couple other people asking
> the
> > same question but no solutions.
>
> These are not the Java names for the cipher suites (I think they might
> be from openssl). You need to use the ones in
> http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html
>
> The list should be comma delimiited.
>
> Mark
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message