tomcat-users mailing list archives

From Aurélien Terrestris <aterrest...@gmail.com>
Subject Re: Tomcat 7 / Java 7 with TLS 1.2 algorithms
Date Thu, 22 Aug 2013 13:53:55 GMT
According to RFC 5246 Appendix C (TLS 1.2), there is no SHA384. See:
http://www.ietf.org/rfc/rfc5246.txt

The JSSE Reference Guide also doesn't talk about this SHA384 as an
implementation requirement. See:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#impl

This means you have a problem with SHA256 only. Maybe it's easier to
test on the client side, with one of the following ciphers (that you find
in the same Reference Guide), for example:

TLS_DH_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Let me know if this works, or I will try to test it myself with my own client.



2013/8/22 Dennis Sosnoski <dms@sosnoski.com>:
> I've already done that, though as far as I can see that doesn't affect the
> digest algorithms (only the encryption options).
>
>   - Dennis
>
>
> On 08/23/2013 12:24 AM, Aurélien Terrestris wrote:
>>
>> Hello
>>
>> I suppose you need to run your JVM with the unrestricted policy files (on
>> both client and server sides). You have to download them from the Oracle
>> website for your Java version, and replace the old ones.
>>
>> These files are:
>> local_policy.jar
>> US_export_policy.jar
>>
>> Regards
>>
>> 2013/8/22  <dms@sosnoski.com>:
>>>
>>> Tomcat 7.0.40 seems to work well with TLS 1.2, forced by using a
>>> sslEnabledProtocols="TLSv1.2" attribute on the <Connector>. But I haven't
>>> been able to make it work with any of the SHA256/384 algorithms - they
>>> always show up in the "Ignoring unsupported cipher suite" list. I get the
>>> same thing happening when I try to use them from client code, so I know it's
>>> not a Tomcat issue, but I'm hoping someone knows a workaround.
>>>
>>> Any suggestions?
>>>
>>> Thanks,
>>>
>>>    - Dennis
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>
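A diagnostic for the two checks discussed in this thread, added here as an example and not posted by any participant: it prints the JVM's maximum allowed AES key length (128 under the restricted policy files, `Integer.MAX_VALUE` once the unlimited ones are installed) and lists which SHA256/SHA384 suites a TLSv1.2 `SSLContext` supports and enables by default. The class name `Tls12SuiteCheck` and the helper `usesSha2` are hypothetical.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Added diagnostic (hypothetical class name); run it with the same JVM
// that runs Tomcat or the client, so the same policy files are in effect.
public class Tls12SuiteCheck {

    // True for suites whose name ends in one of the digests discussed in the thread.
    static boolean usesSha2(String suite) {
        return suite.endsWith("_SHA256") || suite.endsWith("_SHA384");
    }

    public static void main(String[] args) throws Exception {
        // 128 = restricted policy files active; Integer.MAX_VALUE = unlimited.
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("Max allowed AES key length: " + maxAes);

        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null); // default key/trust managers and SecureRandom

        SSLParameters supported = ctx.getSupportedSSLParameters();
        SSLParameters defaults = ctx.getDefaultSSLParameters();
        System.out.println("Supported protocols: " + Arrays.toString(supported.getProtocols()));
        System.out.println("Default protocols:   " + Arrays.toString(defaults.getProtocols()));

        Set<String> all = new HashSet<String>(Arrays.asList(supported.getCipherSuites()));
        Set<String> enabled = new HashSet<String>(Arrays.asList(defaults.getCipherSuites()));

        // Every SHA256/SHA384 suite this JVM knows, with its default status.
        for (String suite : supported.getCipherSuites()) {
            if (usesSha2(suite)) {
                System.out.println(suite + " : "
                        + (enabled.contains(suite) ? "enabled by default" : "supported only"));
            }
        }

        // The two suites suggested in the reply above.
        String[] suggested = {
            "TLS_DH_RSA_WITH_AES_256_CBC_SHA256",
            "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"
        };
        for (String suite : suggested) {
            System.out.println(suite + " : " + (all.contains(suite) ? "supported" : "not supported by this JVM"));
        }
    }
}
```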
