Re: How to set up TLS-PSK with Tomcat

2014-09-24 Thread Borislav Trifonov
I don't know yet--it's the next thing I'll need to figure out. On 9/22/2014 5:55 AM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Borislav, On 9/20/14 11:57 PM, Borislav Trifonov wrote: Switched to a configuration where Tomcat is now front-ended by Nginx acting a

Re: How to set up TLS-PSK with Tomcat

2014-09-22 Thread André Warnier
Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Borislav, On 9/20/14 11:57 PM, Borislav Trifonov wrote: Switched to a configuration where Tomcat is now front-ended by Nginx acting as a load balancer, so now the problem has moved to a different spot. Just curious:

Re: How to set up TLS-PSK with Tomcat

2014-09-22 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Borislav, On 9/20/14 11:57 PM, Borislav Trifonov wrote: > Switched to a configuration where Tomcat is now front-ended by > Nginx acting as a load balancer, so now the problem has moved to a > different spot. Just curious: how does Nginx do this? I

RE: How to set up TLS-PSK with Tomcat

2014-09-20 Thread Borislav Trifonov
Switched to a configuration where Tomcat is now front-ended by Nginx acting as a load balancer, so now the problem has moved to a different spot. As for the PSK: the computational expense of key exchange (we have many frequent short lived connections) is a con that brings zero benefit to our se

Re: How to set up TLS-PSK with Tomcat

2014-09-19 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Borislav, On 9/19/14 3:47 PM, Borislav Trifonov wrote: > Are you saying Tomcat can use OpenSSL instead of Java for TLS? Yes. You need to use the tcnative library ("Tomcat Native" on the Tomcat web site) along with libapr and libssl. Under a default

RE: How to set up TLS-PSK with Tomcat

2014-09-19 Thread Borislav Trifonov
778 688 6139 F: +1 604 694 0001 From: Igor Cicimov [icici...@gmail.com] Sent: Thursday, September 18, 2014 3:46 PM To: Tomcat Users List Subject: Re: How to set up TLS-PSK with Tomcat On 19/09/2014 5:16 AM, "Borislav Trifonov" wrote: > >

Re: How to set up TLS-PSK with Tomcat

2014-09-19 Thread Mark Thomas
On 18/09/2014 20:15, Borislav Trifonov wrote: > We need to use pre-shared keys, not certificates. TLS supports PSK, > but how does one set this up in Tomcat? All the guides for SSL/TLS in > Tomcat I've found talk about setting up certificates. PSK ciphers are not supported JSSE provider provided b

Re: How to set up TLS-PSK with Tomcat

2014-09-18 Thread Igor Cicimov
On 19/09/2014 5:16 AM, "Borislav Trifonov" wrote: > > We need to use pre-shared keys, not certificates. TLS supports PSK, but how does one set this up in Tomcat? All the guides for SSL/TLS in Tomcat I've found talk about setting up certificates. > Set sslProtocol="TLS" and appropriate ciphers="...

How to set up TLS-PSK with Tomcat

2014-09-18 Thread Borislav Trifonov
We need to use pre-shared keys, not certificates. TLS supports PSK, but how does one set this up in Tomcat? All the guides for SSL/TLS in Tomcat I've found talk about setting up certificates.