tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: TLS protocols and cipher suites available under JSSE?
Date Wed, 13 Mar 2019 21:53:15 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

James,

On 3/13/19 12:48 PM, James H. H. Lampert wrote:
> We've got a customer who is asking about cipher suites and TLS
> protocols.
> 
> Given Tomcat 7.0.93, with the option of running it under JDK 7.0,
> JDK 7.1, or JDK 8.0, can somebody point me to docs explaining what
> TLS levels and cipher suites are available under the various JVMs?

You should look at the docs for each version of Java:

7:
https://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProvi
ders.html

8:
https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProvi
ders.html

If you are using a non-standard "provider" (like one from IBM!), then
you'll have to read their documentation to find out what they provide.

If you are using OpenSSL, then the list of supported cipher suites
will be tied to the version of OpenSSL that you are using.

I would always run with the latest JDK you can tolerate. We are
running Tomcat 8.5.x on OpenJDK 8 in production, but we are running
OpenJDK 11 in dev/test and everything seems just fine. I don't see any
reason why Tomcat 7.0.x wouldn't run on a modern JVM, and you'll get
much better support for newer cipher suites.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlyJe8sACgkQHPApP6U8
pFj9Pw//R2bXzuXx25L60kyzXKhOJLZroERD83EEtooadS0jIOfvs3h5G4GGuLGF
MSsLEN5+DMEzAcb6+uFGcukfWLkSYkf5QL2MWJMGhm9jXQcY3TNzuURrcKhB34vg
O6Gx416FPdXEBsLT7Cc20bLBlq1SvPUXMMWNJ1YGfNpi5+zDbmgcX8JsTivAx1Aw
pC0b4rOAF0qfrYFhskW1alpuRlHQgRVPcFcA1MCcytO1FewCpe7gHqWeWKWOW3/Z
jtCi9ChsbX6fEE6M1sD47Xqgrq2FN8eM09BXe0ZCV1dvG1H0QlJ1NkMaykbRC9DE
quqPn8a7afDPjdNMO009Dx+gO/hj3I09e3rlnnq1ePu6pIRkG7Z1zR7TIuQ0A+SO
utJMaTSUnbjxiU4euDo/O294dzTeJb3kfD2Z4KnR+kMAUjoJuY8K2/jtGBTGf63q
o6Y6FfuwYs799c1zeYlRcaFABHV5SpgRYeVEPyVdRchv3np0WnXty6eELu0GWvYx
PvTPbXNl7Il9h+4MWvK5meMy4PeLvfawgS5dAlGXrQANwBVnatbSSGrWd/h3JvvX
nGQAMsWtDbOYx5P5u9c+MkkAcoLUdJq1PGNh2tVbbEVWYQBQnl57DfOHmAqOInq5
SAaa6oIg0CeKz9ymNECmwmXWFT9kM3xkLZP0xQYsUTKiSMWdQ/0=
=lODH
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message