tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Restricting ciphers
Date Thu, 10 Jan 2013 03:33:37 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Baron,

On 1/9/13 5:22 PM, Baron Fujimoto wrote:
> On Wed, Jan 09, 2013 at 01:08:01PM +0400, Konstantin Kolinko
> wrote:
>> You should look into Java documentation for their cipher names.
>> 
>> See this thread from October 2009: 
>> http://markmail.org/message/zn4namfhypyxum23
> 
> Ahh, that was it! It did not occur to me that OpenSSL and Java
> might name the ciphers differently.  If I restrict the ciphers to
> those from the (differently named) set used by Java, it works as
> expected.

It's odd that JSSE ended up being seeded with anything but an empty
list of ciphers. I would expect that if you said
ciphers="BOGUS_CIPHER" then no connections would be possible. But you
were able to start the connection and make connections even with all
those broken cipher names, right?

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEAREIAAYFAlDuNpEACgkQ9CaO5/Lv0PDYTACeN6kRlIwtmTaguRNfHdvyljpX
kRwAnRc+uNPAsPi9K94DE/h7xOT5DnFp
=w2ms
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message