tomcat-users mailing list archives

From "charlie arehart" <charlie_li...@carehart.org>
Subject RE: configuring ciphers for SSL Labs server test
Date Fri, 11 May 2018 15:36:01 GMT

Also, Baron, about the URL you're testing on your site via SSLLabs: is that really one
being served by Tomcat's web server? That's whose connector you're showing here.

If instead you are fronting/proxying Tomcat with Apache or IIS, then my understanding is that
the SSL support is handled by that web server, not Tomcat (and the connector handling that
would be one with a protocol="AJP/1.3" or the like), and you'd then be wanting to really resolve
the poor grades via configuration of those instead.

I am open to being corrected by you or others here, of course.

/charlie

>> On 5/10/18 2:45 PM, Baron Fujimoto wrote:
>>> I'm trying to improve our grade on SSL Labs SSL server test[1] for 
>>> our Tomcat configuration. Currently, their report caps our grade at B 
>>> because, "This server does not support Authenticated encryption 
>>> (AEAD) cipher suites". They report that we support the following cipher suites:
>>>
<snip>
>>>
>>>      <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
>>>                 address="0.0.0.0"
>>>                 port="8443"
>>>                 maxThreads="500"
>>>                 maxPostSize="100000"
>>>                 scheme="https" secure="true"
>>>                 defaultSSLHostConfigName="foo.example.edu"
>>>                 SSLEnabled="true" >
>>>          <SSLHostConfig hostName="foo.example.edu"
<snip>
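
Added example, not part of the original message or of Tomcat's own code: one way to check the question raised above, which connectors in a `server.xml` terminate TLS inside Tomcat versus receive AJP traffic from a front-end web server, and whether any explicitly listed cipher suite is AEAD. The sample XML, its cipher list and the function name `audit_connectors` are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed server.xml fragment (not the poster's real file): one connector
# where Tomcat itself terminates TLS, and one AJP connector behind a front end.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
               port="8443" scheme="https" secure="true" SSLEnabled="true"
               defaultSSLHostConfigName="foo.example.edu">
      <SSLHostConfig hostName="foo.example.edu"
                     ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"/>
    </Connector>
    <Connector protocol="AJP/1.3" port="8009" redirectPort="8443"/>
  </Service>
</Server>
"""

AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")  # name fragments of AEAD suites


def audit_connectors(server_xml):
    """Report, per <Connector>, whether Tomcat terminates TLS there and which
    explicitly listed cipher suites are AEAD."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        protocol = conn.get("protocol", "HTTP/1.1")
        entry = {
            "port": conn.get("port"),
            "ajp": "ajp" in protocol.lower(),
            "tls_in_tomcat": conn.get("SSLEnabled", "false").lower() == "true",
            "aead_suites": {},
        }
        for host in conn.findall("SSLHostConfig"):
            # ciphers may be comma-separated JSSE names or an OpenSSL-style
            # colon-separated string; aliases such as HIGH cannot be judged
            # by name, so only explicit suite names are matched here.
            tokens = re.split(r"[,:\s]+", host.get("ciphers", ""))
            entry["aead_suites"][host.get("hostName", "_default_")] = [
                t for t in tokens if any(m in t.upper() for m in AEAD_MARKERS)
            ]
        findings.append(entry)
    return findings


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```

An AJP connector with no TLS-enabled connector on the tested port means the cipher list SSL Labs grades is configured on the front-end web server, not in `server.xml`.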