Re: Restricting ciphers

2013-01-13 Thread Tim Whittington
>> As can be seen from your usage of "keystoreType" attribute, you are >> using Java implementation of the Connector, not openssl/APR one. >> >> You should look into Java documentation for their cipher names. >> >> See this thread from October 2009: >> http://markmail.org/message/zn4namfhypyxum23 > > A

Re: Restricting ciphers

2013-01-11 Thread Christopher Schultz
Martin, On 1/11/13 9:26 PM, Martin Gainty wrote: >> >> 1. The ciphers parameter in Connecter determines the enabled >> cipher suites in the SSLSocket. See >> SSLSocket.setEnabledCipherSuites(). That in turn restricts which >> actual cipher suite ca

RE: Restricting ciphers

2013-01-11 Thread Martin Gainty
standing is there can be NO handshake as there is a mismatch BETWEEN Signing Algo already in use (RSA) with the Signing Algorithm identified by the cipher (IDEA) from the ciphers parameter is this not the case? > > Connection between (1) and (2): zero. MG>agreed > > EJP > >

RE: Restricting ciphers

2013-01-11 Thread Esmond Pitt
35 PM To: Tomcat Users List Subject: RE: Restricting ciphers it's a simple question what does ciphers parameter in Connector have anything to do with the supported ciphers from the key itself the 2 are disconnected please don't waste my time and anyone else's with insults when you are unable to

Re: Restricting ciphers

2013-01-11 Thread Christopher Schultz
Martin, On 1/10/13 11:00 PM, Martin Gainty wrote: > > http://security.stackexchange.com/questions/7440/what-ciphers-should-i-use-in-my-web-server-after-i-configure-my-ssl-certificate > > With a RSA key you can nominally use the "RSA" and "DHE_RSA"

Re: Restricting ciphers

2013-01-11 Thread Christopher Schultz
Martin, On 1/10/13 10:35 PM, Martin Gainty wrote: > it's a simple question what does ciphers parameter in Connector > have anything to do with the supported ciphers from the key itself > the 2 are disconnected Supported ciphers may be set in the con

RE: Restricting ciphers

2013-01-10 Thread Martin Gainty
g on the issuing certificate authority key type. your witness Martin __ > From: mgai...@hotmail.com > To: users@tomcat.apache.org > Subject: RE: Restricting ciphers > Date: Thu, 10 Jan 2013 22:35:05 -0500 > > > it's a simple question what does ciphers p

RE: Restricting ciphers

2013-01-10 Thread Martin Gainty
___ When Free Speech and Discovery are replaced by Confusion and Obfuscation it's time to move > Date: Thu, 10 Jan 2013 18:25:02 -0500 > From: ch...@christopherschultz.net > To: users@tomcat.apache.org > Subject: Re: Restricting ciphers > > -BEGIN

Re: Restricting ciphers

2013-01-10 Thread Christopher Schultz
Martin, Honestly, I'm not sure why I'm feeding the troll at this point. Maybe I'm trying to atone for some horrible crime I can't remember. On 1/10/13 10:05 AM, Martin Gainty wrote: > terminology : Nobody was arguing about terminology. Next time,

RE: Restricting ciphers

2013-01-10 Thread Martin Gainty
e algorithm name 3) aggregate cipherSuite by determining Signature specific supported ciphers from Signature algorithm name from http://docs.oracle.com/javase/1.5.0/docs/guide/security/jsse/JSSERefGuide.html 4) reference ciphers attribute from Tomcat Date: Thu, 10 Jan 2013 11:44:49 +0400 > Subject

Re: Restricting ciphers

2013-01-09 Thread Konstantin Kolinko
2013/1/10 Baron Fujimoto : > On Wed, Jan 09, 2013 at 01:08:01PM +0400, Konstantin Kolinko wrote: >>2013/1/9 Baron Fujimoto : >>> I'm attempting to mitigate BEAST (CVE-2011-3389) attacks on Tomcat 6.0.35. >>> My understanding is that the attack applies only to CBC ciphers, and that >>> RC4 ciphers a

Re: Restricting ciphers

2013-01-09 Thread Christopher Schultz
Martin, On 1/9/13 6:27 PM, Martin Gainty wrote: > > how does one divine EPR change from APR to AJP or NIO based on > keystoreType? Great, now /you/ are in on the quantum mechanics jokes around here? *sigh* > if we use curl --key-type Private key

Re: Restricting ciphers

2013-01-09 Thread Christopher Schultz
Baron, On 1/9/13 5:22 PM, Baron Fujimoto wrote: > On Wed, Jan 09, 2013 at 01:08:01PM +0400, Konstantin Kolinko > wrote: >> You should look into Java documentation for their cipher names. >> >> See this thread from October 2009: >> http://markmail.

RE: Restricting ciphers

2013-01-09 Thread Martin Gainty
? explain this algorithm please Martin __ do not alter this email communication> Date: Wed, 9 Jan 2013 12:22:27 -1000 > From: ba...@hawaii.edu > To: users@tomcat.apache.org > Subject: Re: Restricting ciphers > > On Wed, Jan 09, 2013 a

Re: Restricting ciphers

2013-01-09 Thread Baron Fujimoto
On Wed, Jan 09, 2013 at 01:08:01PM +0400, Konstantin Kolinko wrote: >2013/1/9 Baron Fujimoto : >> I'm attempting to mitigate BEAST (CVE-2011-3389) attacks on Tomcat 6.0.35. >> My understanding is that the attack applies only to CBC ciphers, and that >> RC4 ciphers are not vulnerable, so I am attemp

Re: Restricting ciphers

2013-01-09 Thread Christopher Schultz
Martin, On 1/9/13 8:33 AM, Martin Gainty wrote: > org.apache.tomcat.util.net.AprEndpoint protected String > SSLCipherSuite = "ALL"; public String getSSLCipherSuite() { return > SSLCipherSuite; } public void setSSLCipherSuite(String > SSLCipherSuite)

Re: Restricting ciphers

2013-01-09 Thread Christopher Schultz
Baron, On 1/8/13 9:55 PM, Baron Fujimoto wrote: > However, when I test this by attempting connections with a > script[*] You could use 'sslscan' which is available directly from many Linux package managers. You can also use online tools like Qualys

RE: Restricting ciphers

2013-01-09 Thread Martin Gainty
"; public String getSSLCipherSuite() { return SSLCipherSuite; } public void setSSLCipherSuite(String SSLCipherSuite) { this.SSLCipherSuite = SSLCipherSuite; } you found a bug! Martin Gainty __ We have awakened a sleeping bear and filled him with a terrible r

Re: Restricting ciphers

2013-01-09 Thread Konstantin Kolinko
2013/1/9 Baron Fujimoto : > I'm attempting to mitigate BEAST (CVE-2011-3389) attacks on Tomcat 6.0.35. > My understanding is that the attack applies only to CBC ciphers, and that > RC4 ciphers are not vulnerable, so I am attempting to restrict the set of > ciphers that Tomcat uses with the followin

Restricting ciphers

2013-01-08 Thread Baron Fujimoto
I'm attempting to mitigate BEAST (CVE-2011-3389) attacks on Tomcat 6.0.35. My understanding is that the attack applies only to CBC ciphers, and that RC4 ciphers are not vulnerable, so I am attempting to restrict the set of ciphers that Tomcat uses with the following config for a connector: How