tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: How is a cipher chosen when the "ciphers" attribute in server.xml is not specified?
Date Mon, 07 Aug 2006 11:37:02 GMT
Jack Ashburn wrote:
> Hi,
> I'm configuring my Tomcat server so that it uses a "strong" cipher for
> SSL. From the docs in both Tomcat 4.1 and 5.0, the "ciphers" attribute
> for the "connector" element in server.xml accepts "A comma seperated
> [sic] list of the encryption ciphers that may be used. If not
> specified, then any available cipher may be used."
> My questions are:
> 1. When the "ciphers" attribute is not specified, how does Tomcat
> choose the cipher to use from the "any available cipher[s]"?

It doesn't, it takes whatever the default is. This may vary depending
on JDK version, vendor etc. Look at the relevant docs to see which it
is for your platform.

> 2. Why doesn't Tomcat choose the strongest available ciphers from
> what's made available to the Java runtime?

Because generally the stronger the algorithm, the greater the
processing overhead.


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message