tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jack Ashburn" <jashburn2...@googlemail.com>
Subject Re: How is a cipher chosen when the "ciphers" attribute in server.xml is not specified?
Date Mon, 07 Aug 2006 19:13:40 GMT
Cheers, Mark.

On 8/7/06, Mark Thomas <markt@apache.org> wrote:
> Jack Ashburn wrote:
> > Hi,
> >
> > I'm configuring my Tomcat server so that it uses a "strong" cipher for
> > SSL. From the docs in both Tomcat 4.1 and 5.0, the "ciphers" attribute
> > for the "connector" element in server.xml accepts "A comma seperated
> > [sic] list of the encryption ciphers that may be used. If not
> > specified, then any available cipher may be used."
> >
> > My questions are:
> >
> > 1. When the "ciphers" attribute is not specified, how does Tomcat
> > choose the cipher to use from the "any available cipher[s]"?
>
> It doesn't, it takes whatever the default is. This may vary depending
> on JDK version, vendor etc. Look at the relevant docs to see which it
> is for your platform.
>
> > 2. Why doesn't Tomcat choose the strongest available ciphers from
> > what's made available to the Java runtime?
>
> Because generally the stronger the algorithm, the greater the
> processing overhead.
>
> Mark
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message