tomcat-users mailing list archives

From Mark Thomas <ma...@apache.org>
Subject Re: logjam attacks in tomcat 7
Date Thu, 01 Oct 2015 06:59:31 GMT
On 01/10/2015 07:08, Rahul Singh wrote:
> Yes I know this fix,
> I just want to know, what is default cipher detail, in my existing server.xml no cipher
> parameter value is mentioned. So please help me to understand the same.

To quote the documentation:

<quote>
By default, the default ciphers for the JVM will be used. Note that this
usually means that the weak export grade ciphers will be included in the
list of available ciphers.
</quote>

If you want to know what that means for the JVM you are using then I
strongly recommend this site:

https://www.ssllabs.com/ssltest/

Mark


>> Date: Thu, 1 Oct 2015 10:26:43 +0530
>> Subject: Re: logjam attacks in tomcat 7
>> From: srikanth.hugar@gmail.com
>> To: users@tomcat.apache.org
>>
>> Configuration like mentioned below should be able to resolve your issue:
>>
>> <Connector port="{{ https_port }}"
>>            protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
>>            maxThreads="150" scheme="https" secure="true"
>>            keystoreType="JKS" keystoreFile="{{path_to_keystore}}"
>>            keystorePass="{{ keystore_password }}"
>>            clientAuth="false" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
>>            ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
>>                     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,
>>                     TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,
>>                     TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA" />
>>
>> Srikanth Hugar
>> www.gharki.com
>>
>>
>>
>> On Thu, Oct 1, 2015 at 10:22 AM, Rahul Singh <rksingh98@hotmail.com> wrote:
>>
>>> Dear Tomcat Support Team,
>>> Thanks for your continuous support.
>>> In our application Tomcat V 7.0.54 is used. We are facing the problem of
>>> "Server has a weak, ephemeral Diffie-Hellman public key
>>> ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY"
>>> in Chrome browser.
>>> Tomcat server.xml has the following configuration, which does not contain
>>> cipher, it means it used default cipher.
>>> ================================================================
>>> <Connector port="8585" minSpareThreads="5"
>>>            enableLookups="true" redirectPort="8282"
>>>            acceptCount="32" connectionTimeout="60000"/>
>>> <Connector port="8282" minSpareThreads="5"
>>>            SSLEnabled="true" enableLookups="true"
>>>            acceptCount="32" scheme="https" secure="true"
>>>            clientAuth="false" sslEnabledProtocols="TLSv1.2"
>>>            algorithm="SunX509"/>
>>> ================================================================
>>> Underlying Java is: OpenJDK Runtime Environment (rhel-2.5.5.3.el6-x86_64
>>> u79-b14)
>>> So could you please assist me to understand the following things.
>>> 1- What value of default cipher is using in my application.
>>> 2- Does it require to update for working with latest browser Chrome and fixing the
>>> "Diffie-Hellman" security issue.
>>> Regards,
>>> Rahul kumar Singh


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
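
An added example, not part of the original thread or of Tomcat: a small Python audit that reads a server.xml, reports SSL-enabled connectors that fall back to the JVM default cipher list (the behaviour the quoted documentation describes), and flags listed suites by name. The sample XML is constructed from the two connectors in the thread; port 8443 is an assumed stand-in for `{{ https_port }}`, and the `FLAGGED` table and function names are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample built from the two connectors in the thread. Port 8443 is
# an assumed stand-in for {{ https_port }}; the cipher list is abbreviated.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8585" redirectPort="8282" connectionTimeout="60000"/>
  <Connector port="8282" SSLEnabled="true" scheme="https" secure="true"
             clientAuth="false" sslEnabledProtocols="TLSv1.2" algorithm="SunX509"/>
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
             ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                      TLS_ECDHE_RSA_WITH_RC4_128_SHA,
                      TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"/>
</Service></Server>"""

NO_CIPHERS = "no ciphers attribute: JVM default cipher list is used"

# Name tokens worth a second look (this example's own table, not Tomcat's).
FLAGGED = {
    "EXPORT": "export-grade suite",
    "anon": "no server authentication",
    "NULL": "no encryption",
    "RC4": "RC4 stream cipher",
    "DHE": "finite-field ephemeral DH, strength depends on the JVM's DH key size",
}

def flag_reasons(suite):
    """Return the reasons a JSSE cipher suite name is flagged, if any."""
    tokens = suite.split("_")  # token match, so ECDHE is not mistaken for DHE
    return [why for tok, why in FLAGGED.items() if tok in tokens]

def audit(server_xml):
    """Map each SSL-enabled Connector port to a list of findings."""
    findings = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        ciphers = conn.get("ciphers")
        if ciphers is None:
            findings[conn.get("port")] = [NO_CIPHERS]
            continue
        # The XML parser turns line breaks inside the attribute into spaces.
        suites = [s.strip() for s in ciphers.split(",") if s.strip()]
        findings[conn.get("port")] = [
            f"{s}: {why}" for s in suites for why in flag_reasons(s)]
    return findings

if __name__ == "__main__":
    for port, notes in audit(SERVER_XML).items():
        print(port, notes or ["nothing flagged"])
```

A connector reported with the "no ciphers attribute" finding still needs its effective suite list checked against the running JVM, for example with the SSL Labs test linked above.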

