tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Tomcat encryption algorithms
Date Wed, 20 Jan 2010 19:10:08 GMT
Hash: SHA1


On 1/20/2010 1:52 PM, Shan, Justine wrote:
> As far as I know, the only encryption implemented by Tomcat itself
> is SSL.

SSL is a strategy of securely transmitting data, which uses encryption.
Technically speaking, Tomcat does not /implement/ SSL, but rather uses
the JVM's SSL libraries to provide HTTP over SSL.

> But I need to know what exactly algorithms have been implemented and
> distributed with the binary from Apache Tomcat 5.X and 6.

Tomcat does not ship with any cryptographic algorithms.

> To my understanding, Tomcat relies on the JVM or JCE installed on
> the user's machine to implement SSL, which implies Tomcat doesn't
> ship any cryptographic algorithms but only implements SSL protocol.


> On the other hand, from the Legal page Tomcat is classified as 5D002,
> strong cryptography.

Would you care to provide a reference? I can find none of the following
strings on the "Legal" page for Tomcat
( "crypt", "5D002", "classif", or
anything like that.

> This implies Tomcat does contain (and thus ships with) encryption
> implementation. And I need to know what exactly algorithms are
> implemented.

Again, none are implemented: everything is implemented by the JRE/JVM or
a 3rd-party library, if you choose to install and configure one (such as
Bouncy Castle... I'm sure there are others).

If you just want to know which algorithms are available to your JDK, you
can write a bit of code to dump-out that information, but it depends
entirely on your environment.

Tomcat also allows you to use OpenSSL as an SSL provider (using the APR
native library) which may provide a different set of encryption
algorithms to Tomcat.

- -chris
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message