Am 29.05.2015 um 23:31 schrieb Christopher Schultz:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256Ramon, On 5/29/15 4:42 PM, Ramon Pfeiffer wrote:On 29.05.2015 21:12, Christopher Schultz wrote:Ramon, On 5/29/15 3:32 AM, Ramon Pfeiffer wrote:Am 28.05.2015 um 18:56 schrieb Caldarale, Charles R:From: Ramon Pfeiffer [mailto:ramon.pfeif...@uni-tuebingen.de] Subject: Problem specifying cipher suites in tomcat6I'm currently trying to specify a list of cipher suites to be used by my connector in Tomcat 6.0.24.Anybody can shed some light on what I did wrong?Using a version of Tomcat that's more than five years old is the first thing - there have been many, many security fixes since then, including some related to the ciphers attribute. You also need to tell us the JVM version, the platform you're running on, and whether or not APR is in use for this <Connector> (it's in the logs).Sadly, it's a system I inherited last year and now have the pleasure to work with. I can't update Tomcat for I don't know what will break.If you can't upgrade it, you are better-off shutting-down the service, because there are security vulnerabilities in there. So, ask your boss which is worse: shuttering the project, or getting a new version of Tomcat into a testing environment?Shutting it down is not an option. So I guess next week will be... interesting. The important thing is this: Will the connector work in this configuration after I updated Tomcat? Or is the issue completely unrelated? Where are the ciphers shown by ssllabs taken from? Is the cipher attribute ignored?Lots of things have been fixed/added in more recent versions of Tomcat 6.0.x. Please give a quick test against Tomcat 6.0.latest: you don't even need to deploy your own web application on it; just configure it for SSL and hit the default web application (the Tomcat documentation), or the examples, or whatever.
Apparently, I need to correct myself a bit. Tomcat6 is installed via the RHEL repositories, the latest version offered by RHEL is 6.0.24:
# yum list tomcat6.x86_64 tomcat6.x86_64 6.0.24-83.el6_6So it seems as if the latest version of tomcat6 is installed already, giving me the cipher suite headaches nonetheless.
Any further ideas? Thanks, Ramon
smime.p7s
Description: S/MIME Cryptographic Signature
