tomcat-users mailing list archives

From "James H. H. Lampert" <jam...@touchtonecorp.com>
Subject Re: AW: Outbound SSL?
Date Fri, 31 May 2019 22:41:53 GMT
On 5/31/19, 3:34 AM, bernd.schatz@daimler.com wrote:
> You can run a small Java program on your JVM to print out the supported
> and default protocols.
> Yet, I didn’t find a better way.
>
> e.g. ==> https://confluence.atlassian.com/stashkb/list-ciphers-used-by-jvm-679609085.html

If I set the same JAVA_HOME as Tomcat was launched under, and compile 
and run "Ciphers.java" from the above site, on the customer box, I get:

 > Default Cipher
 >         SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SH
 > *       SSL_DHE_DSS_WITH_AES_128_CBC_SHA
 > *       SSL_DHE_DSS_WITH_AES_128_CBC_SHA256
 >         SSL_DHE_DSS_WITH_AES_128_GCM_SHA256
 > *       SSL_DHE_DSS_WITH_AES_256_CBC_SHA
 > *       SSL_DHE_DSS_WITH_AES_256_CBC_SHA256
 >         SSL_DHE_DSS_WITH_AES_256_GCM_SHA384
 >         SSL_DHE_DSS_WITH_DES_CBC_SHA
 >         SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
 > *       SSL_DHE_RSA_WITH_AES_128_CBC_SHA
 > *       SSL_DHE_RSA_WITH_AES_128_CBC_SHA256
 >         SSL_DHE_RSA_WITH_AES_128_GCM_SHA256
 > *       SSL_DHE_RSA_WITH_AES_256_CBC_SHA
 > *       SSL_DHE_RSA_WITH_AES_256_CBC_SHA256
 >         SSL_DHE_RSA_WITH_AES_256_GCM_SHA384
 >         SSL_DHE_RSA_WITH_DES_CBC_SHA
 >         SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
 >         SSL_DH_anon_WITH_AES_128_CBC_SHA
 >         SSL_DH_anon_WITH_AES_128_CBC_SHA256
 >         SSL_DH_anon_WITH_AES_128_GCM_SHA256
 >         SSL_DH_anon_WITH_AES_256_CBC_SHA
 >         SSL_DH_anon_WITH_AES_256_CBC_SHA256
 >         SSL_DH_anon_WITH_AES_256_GCM_SHA384
 >         SSL_DH_anon_WITH_DES_CBC_SHA
 > *       SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
 > *       SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
 >         SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
 > *       SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
 > *       SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
 >         SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
 >         SSL_ECDHE_ECDSA_WITH_NULL_SHA
 > *       SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA
 > *       SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256
 >         SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 > *       SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA
 > *       SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384
 >         SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 >         SSL_ECDHE_RSA_WITH_NULL_SHA
 > *       SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA
 > *       SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
 >         SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
 > *       SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA
 > *       SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
 >         SSL_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
 >         SSL_ECDH_ECDSA_WITH_NULL_SHA
 > *       SSL_ECDH_RSA_WITH_AES_128_CBC_SHA
 > *       SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256
 >         SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256
 > *       SSL_ECDH_RSA_WITH_AES_256_CBC_SHA
 > *       SSL_ECDH_RSA_WITH_AES_256_CBC_SHA384
 >         SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384
 >         SSL_ECDH_RSA_WITH_NULL_SHA
 >         SSL_ECDH_anon_WITH_AES_128_CBC_SHA
 >         SSL_ECDH_anon_WITH_AES_256_CBC_SHA
 >         SSL_ECDH_anon_WITH_NULL_SHA
 >         SSL_KRB5_EXPORT_WITH_DES_CBC_40_MD5
 >         SSL_KRB5_EXPORT_WITH_DES_CBC_40_SHA
 >         SSL_KRB5_WITH_DES_CBC_MD5
 >         SSL_KRB5_WITH_DES_CBC_SHA
 >         SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
 >         SSL_RSA_FIPS_WITH_DES_CBC_SHA
 > *       SSL_RSA_WITH_AES_128_CBC_SHA
 > *       SSL_RSA_WITH_AES_128_CBC_SHA256
 >         SSL_RSA_WITH_AES_128_GCM_SHA256
 > *       SSL_RSA_WITH_AES_256_CBC_SHA
 > *       SSL_RSA_WITH_AES_256_CBC_SHA256
 >         SSL_RSA_WITH_AES_256_GCM_SHA384
 >         SSL_RSA_WITH_DES_CBC_SHA
 >         SSL_RSA_WITH_NULL_MD5
 >         SSL_RSA_WITH_NULL_SHA
 >         SSL_RSA_WITH_NULL_SHA256
 > *       TLS_EMPTY_RENEGOTIATION_INFO_SCSV

FOR COMPARISON PURPOSES, what we get on our box is:
 > Default Cipher
 > *       SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
 > *       SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
 > *       SSL_DHE_DSS_WITH_AES_128_CBC_SHA
 > *       SSL_DHE_DSS_WITH_AES_256_CBC_SHA
 > *       SSL_DHE_DSS_WITH_DES_CBC_SHA
 > *       SSL_DHE_DSS_WITH_RC4_128_SHA
 > *       SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
 > *       SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
 > *       SSL_DHE_RSA_WITH_AES_128_CBC_SHA
 > *       SSL_DHE_RSA_WITH_AES_256_CBC_SHA
 > *       SSL_DHE_RSA_WITH_DES_CBC_SHA
 >         SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
 >         SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
 >         SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
 >         SSL_DH_anon_WITH_AES_128_CBC_SHA
 >         SSL_DH_anon_WITH_AES_256_CBC_SHA
 >         SSL_DH_anon_WITH_DES_CBC_SHA
 >         SSL_DH_anon_WITH_RC4_128_MD5
 >         SSL_KRB5_EXPORT_WITH_DES_CBC_40_MD5
 >         SSL_KRB5_EXPORT_WITH_DES_CBC_40_SHA
 >         SSL_KRB5_EXPORT_WITH_RC4_40_MD5
 >         SSL_KRB5_EXPORT_WITH_RC4_40_SHA
 >         SSL_KRB5_WITH_3DES_EDE_CBC_MD5
 >         SSL_KRB5_WITH_3DES_EDE_CBC_SHA
 >         SSL_KRB5_WITH_DES_CBC_MD5
 >         SSL_KRB5_WITH_DES_CBC_SHA
 >         SSL_KRB5_WITH_RC4_128_MD5
 >         SSL_KRB5_WITH_RC4_128_SHA
 > *       SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
 > *       SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
 > *       SSL_RSA_EXPORT_WITH_RC4_40_MD5
 > *       SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
 > *       SSL_RSA_FIPS_WITH_DES_CBC_SHA
 > *       SSL_RSA_WITH_3DES_EDE_CBC_SHA
 > *       SSL_RSA_WITH_AES_128_CBC_SHA
 > *       SSL_RSA_WITH_AES_256_CBC_SHA
 > *       SSL_RSA_WITH_DES_CBC_SHA
 >         SSL_RSA_WITH_NULL_MD5
 >         SSL_RSA_WITH_NULL_SHA
 > *       SSL_RSA_WITH_RC4_128_MD5
 > *       SSL_RSA_WITH_RC4_128_SHA


--
JHHL
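
Added example, not part of the original message: one way to compare two such listings mechanically instead of by eye. The sample input is a shortened excerpt of the two listings above in the same output format (a leading `*` marks a suite enabled by default); the function names and the weak-suite pattern are assumptions of this example.

```python
import re

# Shortened excerpts of the two listings quoted above (sample input).
CUSTOMER_BOX = """\
Default Cipher
*       SSL_DHE_RSA_WITH_AES_128_CBC_SHA
*       SSL_DHE_RSA_WITH_AES_128_CBC_SHA256
        SSL_DHE_RSA_WITH_AES_128_GCM_SHA256
        SSL_RSA_WITH_DES_CBC_SHA
*       SSL_RSA_WITH_AES_128_CBC_SHA
*       TLS_EMPTY_RENEGOTIATION_INFO_SCSV
"""
OUR_BOX = """\
Default Cipher
*       SSL_DHE_RSA_WITH_AES_128_CBC_SHA
*       SSL_RSA_EXPORT_WITH_RC4_40_MD5
*       SSL_RSA_WITH_AES_128_CBC_SHA
*       SSL_RSA_WITH_DES_CBC_SHA
        SSL_RSA_WITH_NULL_SHA
*       SSL_RSA_WITH_RC4_128_SHA
"""

# Optional mail quote marker, optional "*" default flag, then the suite name.
LINE = re.compile(r"^\s*(?:>\s*)?(\*?)\s*((?:SSL|TLS)_\w+)\s*$")
# Export-grade, unencrypted, unauthenticated, RC4/RC2 and single-DES suites.
WEAK = re.compile(r"_(EXPORT|NULL|anon|RC4|RC2|DES)_")

def parse(listing):
    """Return {suite_name: enabled_by_default} for one listing."""
    suites = {}
    for line in listing.splitlines():
        m = LINE.match(line)
        # The SCSV entry is a renegotiation signal, not a cipher suite.
        if m and not m.group(2).endswith("_SCSV"):
            suites[m.group(2)] = m.group(1) == "*"
    return suites

def compare(a, b):
    """Compare the default-enabled suites of two listings."""
    da = {s for s, on in parse(a).items() if on}
    db = {s for s, on in parse(b).items() if on}
    return {"common": sorted(da & db), "only_a": sorted(da - db),
            "only_b": sorted(db - da),
            "weak_defaults_a": sorted(s for s in da if WEAK.search(s)),
            "weak_defaults_b": sorted(s for s in db if WEAK.search(s))}

if __name__ == "__main__":
    for key, names in compare(CUSTOMER_BOX, OUR_BOX).items():
        print(key, names)
```
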

