tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sanaullah <sanaulla...@gmail.com>
Subject Fwd: TLS is not working in 6.0.37, 7.0.42, 7.0.47
Date Fri, 03 Jan 2014 13:13:52 GMT
Hi Chuck.

I just also took interest to dig this issue.

The Document which you were referring
http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native,
is clearly stated that only SSLv2, SSLv3, TLSv1 is support by SSLProtocol
Attribute.

SSLCipherSuite will only be supported cipher available in SSLv2,SSLv3,
TLSV1.

TLSv1.1 and TLSV1.2 supported Cipher can't be invoked until TLSv1.1 and
TLSv1.2 is enabled.see the supported Cipher list on TLSV1.2 on openssl link.
http://www.openssl.org/docs/apps/ciphers.html#TLS_v1_2_cipher_suites

I am happy to see if someone enabled below ciphers without enabling the
TLSv1.2

 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256    ECDH-ECDSA-AES128-SHA256
 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384    ECDH-ECDSA-AES256-SHA384
 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256    ECDH-ECDSA-AES128-GCM-SHA256
 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384    ECDH-ECDSA-AES256-GCM-SHA384

Regards,
San





On Fri, Jan 3, 2014 at 12:59 PM, Mudassir Aftab <withmudassir@gmail.com>wrote:

>
>
> ---------- Forwarded message ----------
> From: Caldarale, Charles R <Chuck.Caldarale@unisys.com>
> Date: Fri, Jan 3, 2014 at 10:45 AM
> Subject: RE: TLS is not working in 6.0.37, 7.0.42, 7.0.47
> To: Tomcat Users List <users@tomcat.apache.org>
>
>
> > From: Mudassir Aftab [mailto:withmudassir@gmail.com]
> > Subject: Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47
>
> > Should i use following APR connector attribute ?
> >    <Connector port="8443"
> >            protocol="org.apache.coyote.http11.Http11AprProtocol"
> >            maxThreads="200"
> >            sslProtocol="TLSv1" sslEnabledProtocols="TLSv1.2"
> >            clientAuth="false"
> >            ciphers="AES256-SHA256"
> >            scheme="https" secure="true" SSLEnabled="true"
> >            SSLCertificateFile="p.pem"
> >            SSLCertificateKeyFile="key.pem"
> >            SSLCACertificateFile="AdminCA1.pem" />
>
> For the third time, the APR <Connector> has no sslProtocol nor
> sslEnabledProtocols attributes; the proper ones for specifying the protocol
> and encryption algorithms are SSLProtocol and SSLCipherSuite, respectively.
>  For the last time, read the doc:
>
> http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native
>
> (If you don't start paying attention to the responses you're getting, you
> will end up just being ignored.)
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-mail and
> its attachments from all computers.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message