tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kreuser, Peter" <pkreu...@airplus.com>
Subject AW: Tomcat 7.0.65 + Java 6 Update 121 64-bit - Cipher Suite Names
Date Wed, 21 Sep 2016 11:27:01 GMT
Roman,

> On 21/09/2016 11:22, Román Valoria wrote:
> > Before anyone tells me, I cannot upgrade either Tomcat or Java to the
> > latest major release.
> > 
> > My setup is running on Windows Server 2008 R2 64-bit OS.
> 
> What configuration have you tried?
> 
> How do you know it didn't work?
> 
> Mark
> 
> > 
> > On Wed, Sep 21, 2016 at 6:18 PM, Román Valoria <romanvaloria@gmail.com>
> > wrote:
> > 
> >> Dear all:
> >>
> >> I need to configure Tomcat 7.0.65 with Java 6, both 64-bit.
> >>
> >> I have managed to make it work with update 121 in using the SSL protocol
> >> TLS 1.2.
> >>
> >> Now I need to exert some control over the cipher suites used on that
> >> protocol.
> >>
> >> I am unable to come up with the list of supported cipher suite names to
> >> use.
> >>
> >> Both JRE and JDK are in:
> >>
> >> https://support.oracle.com/epmos/faces/PatchResultsNDetails?patchId=
> >> 9553040
> >>
> >> I am using both the Java 6 and 7 documentation to come up with the cipher
> >> suite names:
> >>
> >> Java Cryptography Architecture Sun ProvidersDocumentation
> >> <http://docs.oracle.com/javase/6/docs/technotes/guides/security/SunProviders.html>
> >>
> >>
> >> Java PKCS#11 Reference Guide
> >> <http://docs.oracle.com/javase/6/docs/technotes/guides/security/p11guide.html#ALG>
> >>
> >>
> >> Standard Algorithm Name Documentation
> >> <http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#Cipher>
> >>
> >>
> >> Java Cryptography Architecture Oracle ProvidersDocumentation
> >> <http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider>
> >>
> >>
> >> As per the above I even tried downloading the Java Cryptography Extension
> >> for Java 6 from:
> >>
> >> Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy
> >> Files 6
> >> <http://www.oracle.com/technetwork/java/embedded/embedded-se/downloads/jce-6-download-429243.html>
> >>
> >>
> >> But that is for 32-bit and failed anyway.
> >>
> >> Am I missing something?
> >>
> >> Thanks and regards.
> >>
> > 
> 

I have had good experiences with SSLInfo.java (https://gist.github.com/MikeN123/8810553).
That will provide you with the possible Ciphers in you JRE.
Converting a good openssl cipher string to Java syntax can be found on http://blog.bitmelt.com/2013/11/tomcat-ssl-hardening.html

Given Java6, you will not have many working options. Most browsers will limit usage of old
ciphers. Plus you lose TLS 1.1/1.2.

Best regards

Peter 



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Mime
View raw message