tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: How is a cipher chosen when the "ciphers" attribute in server.xml is not specified?
Date Mon, 07 Aug 2006 11:37:02 GMT
Jack Ashburn wrote:
> Hi,
> 
> I'm configuring my Tomcat server so that it uses a "strong" cipher for
> SSL. From the docs in both Tomcat 4.1 and 5.0, the "ciphers" attribute
> for the "connector" element in server.xml accepts "A comma seperated
> [sic] list of the encryption ciphers that may be used. If not
> specified, then any available cipher may be used."
> 
> My questions are:
> 
> 1. When the "ciphers" attribute is not specified, how does Tomcat
> choose the cipher to use from the "any available cipher[s]"?

It doesn't, it takes whatever the default is. This may vary depending
on JDK version, vendor etc. Look at the relevant docs to see which it
is for your platform.

> 2. Why doesn't Tomcat choose the strongest available ciphers from
> what's made available to the Java runtime?

Because generally the stronger the algorithm, the greater the
processing overhead.

Mark

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message