From: Rahul Singh
To: Tomcat Users List
Subject: RE: logjam attacks in tomcat 7
Date: Thu, 1 Oct 2015 15:52:10 +0530

OK, thanks for your quick response.
Could you please tell me the size of the cipher key mentioned below? Is it stronger than 1024?

ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"

> Subject: Re: logjam attacks in tomcat 7
> To: users@tomcat.apache.org
> From: markt@apache.org
> Date: Thu, 1 Oct 2015 08:59:31 +0200
>
> On 01/10/2015 07:08, Rahul Singh wrote:
> > Yes, I know this fix,
> > I just want to know what the default cipher detail is; in my existing
> > server.xml no cipher parameter value is mentioned. So please help me to
> > understand the same.
>
> To quote the documentation:
>
> By default, the default ciphers for the JVM will be used. Note that this
> usually means that the weak export grade ciphers will be included in the
> list of available ciphers.
>
> If you want to know what that means for the JVM you are using then I
> strongly recommend this site:
>
> https://www.ssllabs.com/ssltest/
>
> Mark
>
> >> Date: Thu, 1 Oct 2015 10:26:43 +0530
> >> Subject: Re: logjam attacks in tomcat 7
> >> From: srikanth.hugar@gmail.com
> >> To: users@tomcat.apache.org
> >>
> >> Configuration like mentioned below should be able to resolve your issue:
> >>
> >> <Connector
> >> protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
> >> maxThreads="150" scheme="https" secure="true"
> >> keystoreType="JKS" keystoreFile="{{path_to_keystore}}"
> >> keystorePass="{{ keystore_password }}"
> >> clientAuth="false" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
> >> ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
> >> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,
> >> TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,
> >> TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA" />
> >>
> >> Srikanth Hugar
> >> www.gharki.com
> >>
> >> On Thu, Oct 1, 2015 at 10:22 AM, Rahul Singh wrote:
> >>
> >>> Dear Tomcat Support Team,
> >>> Thanks for your continuous support.
> >>> In our Application Tomcat V 7.0.54 is used. We are facing the problem of
> >>> "Server has a weak, ephemeral Diffie-Hellman public key
> >>> ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY"
> >>> in Chrome browser.
> >>> Tomcat server.xml has the following configuration, which does not contain
> >>> cipher, it means it used default cipher.
> >>> ================================================================
> >>> <Connector
> >>> port="8585" minSpareThreads="5" enableLookups="true"
> >>> redirectPort="8282" acceptCount="32"
> >>> connectionTimeout="60000"/>
> >>> <Connector
> >>> SSLEnabled="true" enableLookups="true"
> >>> acceptCount="32" scheme="https" secure="true"
> >>> clientAuth="false" sslEnabledProtocols="TLSv1.2"
> >>> algorithm="SunX509"/>
> >>> ================================================================
> >>> Underlying JAVA is: OpenJDK Runtime Environment (rhel-2.5.5.3.el6-x86_64
> >>> u79-b14)
> >>> So could you please assist me to understand the following things.
> >>> 1- What value of default cipher is used in my application.
> >>> 2- Does it require an update for working with the latest Chrome browser and fixing the
> >>> "Diffie-Hellman" security issue.
> >>> Regards,
> >>> Rahul kumar Singh
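
An added example, not part of the original thread or of Tomcat's own code: a small audit of a `server.xml` that reports, for each SSL connector, whether it carries an explicit `ciphers` list or falls back to the JVM defaults, and flags each listed suite by the key exchange and cipher named in the suite. The XML sample and its port numbers are constructed for illustration, and the flag names are this example's own.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: ports are placeholders, attributes follow the thread.
SAMPLE_SERVER_XML = """<Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
    clientAuth="false" sslEnabledProtocols="TLSv1.2" algorithm="SunX509"/>
  <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
    ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
      TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,
      TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,
      TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"/>
</Service>"""

def classify(suite):
    """Flag a JSSE suite name by key exchange (text before _WITH_) and cipher."""
    m = re.match(r"^(?:TLS|SSL)_(.+?)_WITH_(.+)$", suite)
    if not m:
        return ["unparsed"]
    kx, cipher = m.groups()
    flags = []
    if "EXPORT" in kx:
        flags.append("export-grade")     # the weak export suites the docs mention
    if kx.startswith(("DHE_", "DH_")):
        flags.append("finite-field-dh")  # the key exchange the Chrome error is about
    if cipher.startswith("RC4_"):
        flags.append("rc4")
    return flags

def audit_connectors(server_xml):
    """Map each SSL connector's port to its cipher source and per-suite flags."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector
        ciphers = conn.get("ciphers")
        if ciphers is None:
            # No explicit list: the JVM's default ciphers are used.
            report[conn.get("port")] = {"source": "jvm-defaults", "suites": {}}
            continue
        names = [s.strip() for s in ciphers.split(",") if s.strip()]
        report[conn.get("port")] = {"source": "explicit",
                                    "suites": {n: classify(n) for n in names}}
    return report

if __name__ == "__main__":
    for port, info in audit_connectors(SAMPLE_SERVER_XML).items():
        print(port, info["source"], info["suites"])
```

On the list suggested in the thread, no suite is flagged `finite-field-dh`: the ECDHE suites use elliptic-curve key exchange and the `TLS_RSA`/`SSL_RSA` suites use RSA key transport, so neither depends on a Diffie-Hellman group size. The two RC4 suites are flagged separately.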