tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rahul Singh <rksing...@hotmail.com>
Subject RE: logjam attacks in tomcat 7
Date Thu, 01 Oct 2015 05:08:40 GMT
Yes i know this fix,
i just want to know, waht is deafult cipher deatil, in my existing server.xml no cipher parameter
value is mentioned.So please help me to understand the same.




> Date: Thu, 1 Oct 2015 10:26:43 +0530
> Subject: Re: logjam attacks in tomcat 7
> From: srikanth.hugar@gmail.com
> To: users@tomcat.apache.org
> 
> Configuration like mentioned below should be able to resolve your issue:
> 
> <Connector port="{{ https_port }}"
> protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
>                maxThreads="150" scheme="https" secure="true"
>                keystoreType="JKS" keystoreFile="{{path_to_keystore}}"
> keystorePass="{{ keystore_password }}"
>                clientAuth="false" sslEnabledProtocols="TLSv1, TLSv1.1,
> TLSv1.2"
>  ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
>  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,
>  TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,
>  TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA" />
> 
> Srikanth Hugar
> www.gharki.com
> 
> 
> 
> On Thu, Oct 1, 2015 at 10:22 AM, Rahul Singh <rksingh98@hotmail.com> wrote:
> 
> > Dear Tomcat Support Team,Thanks for your continuous support.
> > In our Application Tomcat V 7.0.54 is used. We are facing the problem of
> > "Server has a weak, ephemeral Diffie-Hellman public key
> > ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY"
> > In chrome browser.
> > Tomcat server .xml have following configuration, which does not contain
> > chipher, it means it used default cipher.
> > ================================================================<Connector
> > port="8585" minSpareThreads="5"                    enableLookups="true"
> > redirectPort="8282"                    acceptCount="32"
> > connectionTimeout="60000"/> <Connector port="8282" minSpareThreads="5"
> > SSLEnabled="true"                    enableLookups="true"
> >   acceptCount="32"  scheme="https" secure="true"
> > clientAuth="false" sslEnabledProtocols="TLSv1.2"
> >  algorithm="SunX509"/>================================================================
> > Underline JAVA is : OpenJDK Runtime Environment (rhel-2.5.5.3.el6-x86_64
> > u79-b14)
> > So could ypu please assist me to understand the following things.
> > 1- What value of default cipher is using in My application.2- Does it
> > require to update for working with lates Browser chrome and fixing the
> > "Diffie-Hellman" security issue.
> > Regards,Rahul kumar Singh
 		 	   		  
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message