tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Whittington <>
Subject Re: Tomcat does not accept connections from Safari on iPad vs an SSL connector with JSSE ciphers
Date Sun, 03 Mar 2013 22:18:03 GMT
On Tue, Feb 19, 2013 at 10:59 AM, Giuseppe Sacco
<> wrote:

> I listed all providers here:
> as you may see, a few of them are TLS_RSA and TLS_DHE:
> *       TLS_RSA_WITH_AES_128_CBC_SHA
> *       TLS_RSA_WITH_AES_256_CBC_SHA
> They are also listed as "default" ciphers, so -- if I understood what
> default means -- they should not be enabled explicitly.
> They overlap with those client ciphers:
> Is there any possibility that some of those server ciphers are disabled
> because of the algorithm used in the server certificate? Its signature
> algorithm is SHA1withDSA. I created it with this command line:
> keytool -genkeypair -alias tomcat -keystore ~tomcat6/.keystore

If the server keys are DSA, then only cipher suites using DSS/*DSA
will be negotiated.
In this case, the only DSS cipher suite that your client appears to
support is TLS_DHE_DSS_WITH_NULL_SHA, which isn't supported by Java 6
or 7.

> A side note: is it possibile to put tomcat behind a web server and make
> the latter encrypt in SSL? This would imply that communication between
> the web server and tomcat would be in clear, but how do I  create the
> connector proxy* information? I may specify proxyName and proxyPort, but
> I cannot specify proxyProtocol. Is this right?


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message