Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 96F88200D1A for ; Mon, 9 Oct 2017 23:06:36 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 9584D1609CE; Mon, 9 Oct 2017 21:06:36 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 505261609B8 for ; Mon, 9 Oct 2017 23:06:35 +0200 (CEST) Received: (qmail 57918 invoked by uid 500); 9 Oct 2017 21:06:33 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 57898 invoked by uid 99); 9 Oct 2017 21:06:33 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 09 Oct 2017 21:06:33 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id EF8B0D6D1D for ; Mon, 9 Oct 2017 21:06:32 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 0.999 X-Spam-Level: X-Spam-Status: No, score=0.999 tagged_above=-999 required=6.31 tests=[KAM_LAZY_DOMAIN_SECURITY=1, SPF_HELO_PASS=-0.001] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id R-4Q7NY2FH98 for ; Mon, 9 Oct 2017 21:06:30 +0000 (UTC) Received: from mailbox.servedge.com (li1281-212.members.linode.com [45.79.182.212]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 2FA655F3FF for ; Mon, 9 Oct 2017 21:06:30 +0000 (UTC) Received: (qmail 15600 invoked by uid 513); 9 Oct 2017 16:06:23 -0500 Received: from pool-173-66-116-184.washdc.fios.verizon.net (HELO Christophers-iMac.local) (chris@christopherschultz.net@173.66.116.184) by mailbox.servedge.com with ECDHE-RSA-AES128-GCM-SHA256 encrypted SMTP; 9 Oct 2017 16:06:23 -0500 Subject: Re: Enforcing server preference for cipher suites To: users@tomcat.apache.org References: From: Christopher Schultz Message-ID: <42a9a56a-a5f0-af56-30bc-ddcaeb7161e8@christopherschultz.net> Date: Mon, 9 Oct 2017 17:06:23 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit archived-at: Mon, 09 Oct 2017 21:06:36 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Harish, On 10/9/17 12:31 PM, Harish Krishnan wrote: > Need your expert input here. Not sure what I am doing wrong, but I > cannot get this server preference cipher suites feature working. > > My setup: Latest tomcat 7.x build (which supports > useServerCipherSuitesOrder attribute) Latest Java 1.8 build. > > No matter what value I set to this attribute (true OR false OR > undefined which is by default), I always see the Clients preference > picked. As an example, if clients order is ABCDEF, and servers > order is DEFABC, no matter what value I set to this > useServerCipherSuitesOrder attribute, always the order selected is > ABC... What exact version of Tomcat are you using? What exact version of Java are you using? Please post your configuration, minus any secrets. Do you know if you are using the BIO, NIO, or APR connector? How are you determining client-preference? - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlnb5M4dHGNocmlzQGNo cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFh+zxAAy11WLuuRfIQBdP/C qt+eW8qFulTBX1eYGfNdCcTBnTRRTqpI1GVIT//XKkcqwLmh/0jwQSK1kRfkkHhK j1V4djhQwoVtpNxP38WxsSr9yMczZNKK7OzTIEULeQqJJJTIUfGj00ayHIW/gp1p MdqFw8CCwk4Xuwpz8PYeXgYPPq7EFvyU6ABs70rrJ7ZT0yRiJHQ/fmNdHekUa63s n4+TB6BFzKIc11atGdpoHh4EXfaLMxeFWD6FVSH17FTQVqYxdDFQm32XcRgPP6If xYPQpbN8Yb5dl2jhU1u9hvgGnDUccVCKooeEZ/fsu7whztNlR6bDl2lWVJkyO+m0 RJhCNI051iEf6+pbqlj2TaqeWjlxMFozLS8gwhO5usf/ZvrhYFkOanF2KRxkKaaR /xwOvuSot06w+BVicbS0jbPiaEOux140ZUuPIxgi462mVIncYsW/oZvsbhrCoA7O GHAsqCD+8m3z/Oohi09Mi+pPebYAFuTHSERkK4s7rOHUinxzr1utx87s4g5m995R qU97BpOc33+ouOS5cKx4t+xrGaZr5LfNb8lXEZluNSDmU7Lnb7qA/yrr6prXbniG 5wv2zVlFit/8rKQInCEH0c/c2cD15RaU6iBujhfRpWYl1XWmOkWYQCzZ2xlLy/Hg lPIZuxLUk5GBnA/vV8qtLIfK7cc= =SuWg -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org