Is anyone aware of a way to mitigate the Logjam attack with Tomcat 7 and
Java 7? I use tcnative and openssl-1.0.2a, both compiled from source, in
production today, but I would be open to JSSE too. I believe I need
Java 8 to mitigate CVE-2015-4000 with JSSE. I don't see any way to use a
unique 2048-bit or greater DH group with tcnative currently. I'm not
sure if there is anything I can do at compile time. I'd rather not
change the cipher suites as I want to maintain browser support. My
server configuration passed the Qualys SSL Server Test with flying
colors until Logjam, so I would be worried about regressions on other
security fixes if I used JSSE.
Thanks,
Arthur