tomcat-users mailing list archives

From Mudassir Aftab <withmudas...@gmail.com>
Subject Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47
Date Fri, 03 Jan 2014 01:36:25 GMT
Also, how can I restrict the ciphers in the connector?

Testing localhost:8443
** TLSv1:EXP-ADH-RC4-MD5 - ENABLED - WEAK 40 bits **
** TLSv1:ADH-AES128-SHA - ENABLED - WEAK 128 bits **
** TLSv1:EXP-ADH-DES-CBC-SHA - ENABLED - WEAK 40 bits **
** TLSv1:ADH-AES256-SHA - ENABLED - WEAK 256 bits **
** TLSv1:ADH-DES-CBC3-SHA - ENABLED - WEAK 168 bits **
** TLSv1:ADH-DES-CBC-SHA - ENABLED - WEAK 56 bits **
** TLSv1:ADH-RC4-MD5 - ENABLED - WEAK 128 bits **
** SSLv3:EXP-ADH-RC4-MD5 - ENABLED - WEAK 40 bits **
** SSLv3:ADH-AES128-SHA - ENABLED - WEAK 128 bits **
** SSLv3:EXP-ADH-DES-CBC-SHA - ENABLED - WEAK 40 bits **
** SSLv3:ADH-AES256-SHA - ENABLED - WEAK 256 bits **
** SSLv3:ADH-DES-CBC3-SHA - ENABLED - WEAK 168 bits **
** SSLv3:ADH-DES-CBC-SHA - ENABLED - WEAK 56 bits **
** SSLv3:ADH-RC4-MD5 - ENABLED - WEAK 128 bits **




On Fri, Jan 3, 2014 at 5:58 AM, Mudassir Aftab <withmudassir@gmail.com> wrote:

> How can I test this? Can I test this with Firefox 25?
>
>
> Regards,
> Mudassir Aftab
>
>
> On Fri, Jan 3, 2014 at 5:41 AM, Mudassir Aftab <withmudassir@gmail.com> wrote:
>
>> Thanks for continuing to reply. Is there any way to restrict the cipher suite
>> in the connector configuration?
>>
>>
>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5
>>
>>
>>
>> On Fri, Jan 3, 2014 at 5:35 AM, Mudassir Aftab <withmudassir@gmail.com> wrote:
>>
>>> I have just configured the latest version; the following is the log:
>>>
>>> Jan 03, 2014 12:33:58 AM org.apache.catalina.core.AprLifecycleListener
>>> init
>>> INFO: Loaded APR based Apache Tomcat Native library 1.1.29 using APR
>>> version 1.5.0.
>>> Jan 03, 2014 12:33:58 AM org.apache.catalina.core.AprLifecycleListener
>>> init
>>>
>>> INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
>>> [false], random [true].
>>> Jan 03, 2014 12:33:59 AM org.apache.catalina.core.AprLifecycleListener
>>> initializeSSL
>>> INFO: OpenSSL successfully initialized (OpenSSL 1.0.1 14 Mar 2012)
>>> Jan 03, 2014 12:34:00 AM org.apache.coyote.AbstractProtocol init
>>> INFO: Initializing ProtocolHandler ["http-apr-8443"]
>>> Jan 03, 2014 12:34:00 AM org.apache.coyote.AbstractProtocol init
>>> INFO: Initializing ProtocolHandler ["http-apr-8080"]
>>> Jan 03, 2014 12:34:00 AM org.apache.coyote.AbstractProtocol init
>>> INFO: Initializing ProtocolHandler ["ajp-apr-8009"]
>>> Jan 03, 2014 12:34:00 AM org.apache.catalina.startup.Catalina load
>>> INFO: Initialization processed in 3145 ms
>>> Jan 03, 2014 12:34:00 AM org.apache.catalina.core.StandardService
>>> startInternal
>>> INFO: Starting service Catalina
>>> Jan 03, 2014 12:34:00 AM org.apache.catalina.core.StandardEngine
>>> startInternal
>>> INFO: Starting Servlet Engine: Apache Tomcat/7.0.47
>>> Jan 03, 2014 12:34:00 AM org.apache.catalina.startup.HostConfig
>>> deployDirectory
>>> INFO: Deploying web application directory
>>> /opt/tomcat7/webapps/host-manager
>>> Jan 03, 2014 12:34:05 AM org.apache.catalina.startup.HostConfig
>>> deployDirectory
>>> INFO: Deploying web application directory /opt/tomcat7/webapps/docs
>>> Jan 03, 2014 12:34:05 AM org.apache.catalina.startup.HostConfig
>>> deployDirectory
>>> INFO: Deploying web application directory /opt/tomcat7/webapps/manager
>>> Jan 03, 2014 12:34:05 AM org.apache.catalina.startup.HostConfig
>>> deployDirectory
>>> INFO: Deploying web application directory /opt/tomcat7/webapps/ROOT
>>> Jan 03, 2014 12:34:05 AM org.apache.catalina.startup.HostConfig
>>> deployDirectory
>>> INFO: Deploying web application directory /opt/tomcat7/webapps/examples
>>> Jan 03, 2014 12:34:07 AM org.apache.coyote.AbstractProtocol start
>>> INFO: Starting ProtocolHandler ["http-apr-8443"]
>>> Jan 03, 2014 12:34:07 AM org.apache.coyote.AbstractProtocol start
>>> INFO: Starting ProtocolHandler ["http-apr-8080"]
>>> Jan 03, 2014 12:34:07 AM org.apache.coyote.AbstractProtocol start
>>> INFO: Starting ProtocolHandler ["ajp-apr-8009"]
>>> Jan 03, 2014 12:34:07 AM org.apache.catalina.startup.Catalina start
>>> INFO: Server startup in 7422 ms
>>>
>>>
>>>
>>> On Fri, Jan 3, 2014 at 5:31 AM, Christopher Schultz <
>>> chris@christopherschultz.net> wrote:
>>>
>>>> Mudassir,
>>>>
>>>> On 1/2/14, 7:21 PM, Mudassir Aftab wrote:
>>>> > <Connector port="8443"  protocol="HTTP/1.1" maxThreads="200"
>>>> > sslProtocol="TLSv1" sslEnabledProtocols="TLSv1.2"
>>>>
>>>> Setting sslProtocol and sslEnabledProtocols will not affect an
>>>> OpenSSL-based connector (which you have configured). As Chuck
>>>> previously stated, you need to use different configuration attributes
>>>> when using OpenSSL. Please read the documentation for the APR
>>>> connector and those configuration attributes that affect the SSL engine.
>>>>
>>>> You might want to tell us how you are trying to connect, too. Also,
>>>> run "openssl ciphers" on your system to see what ciphers are supported
>>>> by your OpenSSL, and compare those to the list supported by your
>>>> client. Perhaps you have a legitimate mismatch and TLS 1.2 itself
>>>> isn't the problem.
>>>>
>>>> -chris
>>>>
>>>>
>>>
>>
>
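
An added example (not part of the original thread and not the Tomcat project's own configuration) of the point Chris makes in the quoted reply: on the APR/OpenSSL connector shown in the log (`http-apr-8443`), protocol and cipher restrictions go in the APR attributes `SSLProtocol` and `SSLCipherSuite`, the latter taking an OpenSSL cipher string. The certificate paths, the `SSLProtocol` value and the cipher string are assumptions chosen for illustration; the APR connector documentation for your Tomcat and Tomcat Native versions lists the values actually accepted.

```xml
<!-- Before (as quoted in the thread): JSSE attributes on a connector that
     is running on APR/OpenSSL. sslProtocol and sslEnabledProtocols do not
     affect this connector, so the OpenSSL defaults stay in force and the
     scan still reports SSLv3 and the anonymous (ADH) and export (EXP)
     suites as enabled.

     <Connector port="8443"  protocol="HTTP/1.1" maxThreads="200"
                sslProtocol="TLSv1" sslEnabledProtocols="TLSv1.2"
-->

<!-- After: the APR connector's own SSL attributes. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"

           SSLCertificateFile="/path/to/server.crt"
           SSLCertificateKeyFile="/path/to/server.key"

           SSLProtocol="TLSv1"

           SSLCipherSuite="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5" />

<!-- Notes on the assumed values above:
     SSLCertificateFile / SSLCertificateKeyFile: placeholder paths to a
       PEM certificate and key; the APR connector does not read a JSSE
       keystore.
     SSLProtocol: selects protocols for the OpenSSL engine and, unlike the
       default "all", leaves SSLv3 out. Newer releases also accept other
       values and '+' combinations; check the documentation for the
       version in use.
     SSLCipherSuite: an OpenSSL cipher string. !aNULL drops the anonymous
       ADH suites, !EXPORT the 40-bit EXP suites, !DES single DES, and
       !RC4 / !MD5 the remaining suites the scan flagged.
-->
```

Running `openssl ciphers -v` with the same cipher string on the server shows which suites the string expands to under the installed OpenSSL, which can then be compared with a rescan of port 8443.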
