Well, I'm using JVM1.6 Update 35 (the latest). I want the best encription I can get, while at the same time I want it to be near to 100% compatible with all my possible internet visitor's browsers, and also I want to pass the PCI test that www.secritymetrics.com performs. I have humble requirements :-)
On Sat, Sep 15, 2012 at 2:05 PM, Mark Thomas <ma...@apache.org> wrote: > On 15/09/2012 19:59, Brian Braun wrote: > > Hi Mark, > > > > I was really interested in your advice. I'm glad you answered, thanks! > > I'm trying not the disable TLS1.0 because I did a site that is being uses > > by unknown people over the internet, and I don't one how many of them are > > using a browser that only works with TLS1.0. > > Where can I get the list of all available ciphers for Sun JVM 6 update > 35? > > http://people.apache.org/~markt/random/CryptoInfo.java > > > I would like to get the complete list, and then remove the CBC ones. > > You'll need to remove more than just the CBC ones. Anything with EXPORT > or NULL will need to go too. Maybe others. You'll have to check each one. > > > Right > > now I'm using just 3, from which one uses CBC: > > > ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA" > > Besides removing the last one, which ones should I add? > > It depends on what the JVM supports and what minimum strength encryption > you want. > > Mark > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
