tomcat-users mailing list archives

From "Caldarale, Charles R" <Chuck.Caldar...@unisys.com>
Subject RE: TLS is not working in 6.0.37, 7.0.42, 7.0.47
Date Fri, 03 Jan 2014 19:15:10 GMT
> From: Sanaullah [mailto:sanaullah82@gmail.com] 
> Subject: Fwd: TLS is not working in 6.0.37, 7.0.42, 7.0.47

> The document to which you were referring,
> http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native,
> clearly states that only SSLv2, SSLv3, TLSv1 are supported by the SSLProtocol
> attribute.

TLSv1.1 and TLSv1.2 are included in TLSv1, when using the appropriate ciphers.

> TLSv1.1 and TLSv1.2 supported ciphers can't be invoked until TLSv1.1 and
> TLSv1.2 are enabled. See the supported cipher list for TLSv1.2 at the OpenSSL link.
> http://www.openssl.org/docs/apps/ciphers.html#TLS_v1_2_cipher_suites

That's backwards; TLSv1.1 and TLSv1.2 are used automatically if TLSv1 is enabled and the client
and server support v1.1 or v1.2 ciphers.

>  TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256    ECDH-ECDSA-AES128-SHA256
>  TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384    ECDH-ECDSA-AES256-SHA384
>  TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256    ECDH-ECDSA-AES128-GCM-SHA256
>  TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384    ECDH-ECDSA-AES256-GCM-SHA384

Those all appear to be supported in OpenSSL 1.0.1e.

 - Chuck
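
The question in this thread can be settled for a given connector by looking at what a handshake actually negotiates. The script below is an added example, not part of the original message or of Tomcat: it parses the SSL-Session block of `openssl s_client` output. The sample output is constructed, and the `host:port` argument to `probe` is a placeholder supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the thread): report the protocol and cipher that an
# `openssl s_client` handshake actually negotiated with a connector.

# Read s_client output on stdin; print "PROTOCOL CIPHER" from the SSL-Session
# block, or return 1 if no session was established (cipher reported as 0000).
parse_negotiated() {
    awk -F': *' '
        /^ *Protocol *:/ { sub(/[ \t\r]+$/, "", $2); proto = $2 }
        /^ *Cipher *:/   { sub(/[ \t\r]+$/, "", $2); cipher = $2 }
        END {
            if (proto == "" || cipher == "" || cipher == "0000") exit 1
            print proto, cipher
        }'
}

# Succeed only when the negotiated protocol is TLSv1.2 or later.
is_tls12_or_later() {
    case "$1" in
        TLSv1.2|TLSv1.3) return 0 ;;
        *) return 1 ;;
    esac
}

# Live probe; $1 is a host:port placeholder supplied by the caller.
probe() {
    openssl s_client -connect "$1" </dev/null 2>/dev/null | parse_negotiated
}

# Constructed sample of the session summary printed by s_client.
sample_session() {
    cat <<'EOF'
New, TLSv1/SSLv3, Cipher is ECDH-ECDSA-AES128-GCM-SHA256
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDH-ECDSA-AES128-GCM-SHA256
    Session-ID: (constructed)
EOF
}

result=$(sample_session | parse_negotiated)
echo "negotiated: $result"
```

Against a running connector, `probe host:port` prints the same two fields, and the first can be passed to `is_tls12_or_later` to confirm the protocol version in use.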

