On 01/10/2015 07:08, Rahul Singh wrote:
> Yes, I know this fix.
> I just want to know what the default cipher detail is. In my existing server.xml
> no cipher parameter value is mentioned. So please help me to understand the
> same.

To quote the documentation:
<quote>
By default, the default ciphers for the JVM will be used. Note that this
usually means that the weak export grade ciphers will be included in the
list of available ciphers.
</quote>

If you want to know what that means for the JVM you are using then I
strongly recommend this site:
https://www.ssllabs.com/ssltest/

Mark

>
>> Date: Thu, 1 Oct 2015 10:26:43 +0530
>> Subject: Re: logjam attacks in tomcat 7
>> From: srikanth.hu...@gmail.com
>> To: users@tomcat.apache.org
>>
>> Configuration like mentioned below should be able to resolve your issue:
>>
>> <Connector port="{{ https_port }}"
>>            protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
>>            maxThreads="150" scheme="https" secure="true"
>>            keystoreType="JKS" keystoreFile="{{path_to_keystore}}"
>>            keystorePass="{{ keystore_password }}"
>>            clientAuth="false" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
>>            ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
>>                     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,
>>                     TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,
>>                     TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA" />
>>
>> Srikanth Hugar
>> www.gharki.com
>>
>> On Thu, Oct 1, 2015 at 10:22 AM, Rahul Singh <rksing...@hotmail.com> wrote:
>>
>>> Dear Tomcat Support Team,
>>> Thanks for your continuous support.
>>> In our application Tomcat V 7.0.54 is used. We are facing the problem of
>>> "Server has a weak, ephemeral Diffie-Hellman public key
>>> ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY"
>>> in the Chrome browser.
>>> The Tomcat server.xml has the following configuration, which does not contain
>>> a cipher, which means it uses the default cipher.
>>> ================================================================
>>> <Connector port="8585" minSpareThreads="5" enableLookups="true"
>>>            redirectPort="8282" acceptCount="32"
>>>            connectionTimeout="60000"/>
>>> <Connector port="8282" minSpareThreads="5"
>>>            SSLEnabled="true" enableLookups="true"
>>>            acceptCount="32" scheme="https" secure="true"
>>>            clientAuth="false" sslEnabledProtocols="TLSv1.2"
>>>            algorithm="SunX509"/>
>>> ================================================================
>>> Underlying Java is: OpenJDK Runtime Environment (rhel-2.5.5.3.el6-x86_64
>>> u79-b14)
>>> So could you please assist me to understand the following things.
>>> 1- What value of default cipher is used in my application.
>>> 2- Does it require an update to work with the latest Chrome browser and to fix
>>> the "Diffie-Hellman" security issue.
>>> Regards,
>>> Rahul kumar Singh
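
The question of which ciphers a connector without a `ciphers` attribute ends up with can also be checked locally. The following is an added example, not code from the thread or from Tomcat: it asks the JVM for the cipher suites it enables by default for TLS server sockets and labels the families discussed here. The class name `DefaultCiphers` and the labels are this example's own.

```java
import java.util.Map;
import java.util.TreeMap;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;

// Added example, not from the thread. Lists the cipher suites this JVM
// enables by default for TLS server sockets and labels selected families.
// Java 7 compatible; class name and labels are this example's own.
public class DefaultCiphers {

    // Classify a JSSE suite name by the family markers in its name.
    static String classify(String suite) {
        if (suite.contains("_EXPORT_")) return "EXPORT";
        if (suite.contains("_anon_") || suite.contains("_NULL_")) return "ANON/NULL";
        if (suite.contains("_RC4_")) return "RC4";
        // "_DHE_" matches finite-field ephemeral DH only, not "_ECDHE_".
        // These are the suites that use an ephemeral Diffie-Hellman key.
        if (suite.contains("_DHE_")) return "DHE";
        return "ok";
    }

    public static void main(String[] args) throws Exception {
        System.out.println("JVM: " + System.getProperty("java.vendor")
                + " " + System.getProperty("java.version"));
        SSLServerSocketFactory factory =
                SSLContext.getDefault().getServerSocketFactory();
        // With arguments, check those suite names (for example an explicit
        // list taken from a connector) instead of the JVM defaults.
        String[] suites = args.length > 0 ? args : factory.getDefaultCipherSuites();

        Map<String, Integer> counts = new TreeMap<String, Integer>();
        for (String raw : suites) {
            String suite = raw.trim().replace(",", "");
            if (suite.isEmpty()) continue;
            String label = classify(suite);
            Integer seen = counts.get(label);
            counts.put(label, seen == null ? 1 : seen + 1);
            System.out.printf("%-10s %s%n", label, suite);
        }
        System.out.println("Summary: " + counts);
        // Non-zero exit when anything other than "ok" is present, so the
        // check can gate a deployment script.
        boolean onlyOk = counts.isEmpty()
                || (counts.size() == 1 && counts.containsKey("ok"));
        System.exit(onlyOk ? 0 : 1);
    }
}
```

Compile and run it with the same `java` binary that starts Tomcat, since the default list differs between JVM versions and vendors.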