Ok Thanks for your quick response.Could you please tell me the size of cipher
key mentioned below is it stronger than
1024?ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
> Subject: Re: logjam attacks in tomcat 7
> To: users@tomcat.apache.org
> From: ma...@apache.org
> Date: Thu, 1 Oct 2015 08:59:31 +0200
>
> On 01/10/2015 07:08, Rahul Singh wrote:
> > Yes i know this fix,
> > i just want to know, waht is deafult cipher deatil, in my existing
> > server.xml no cipher parameter value is mentioned.So please help me to
> > understand the same.
>
> To quote the documentation:
>
> <quote>
> By default, the default ciphers for the JVM will be used. Note that this
> usually means that the weak export grade ciphers will be included in the
> list of available ciphers.
> </quote>
>
> If you want to know what that means for the JVM you are using then I
> strongly recommend this site:
>
> https://www.ssllabs.com/ssltest/
>
> Mark
>
>
> >
> >
> >
> >
> >> Date: Thu, 1 Oct 2015 10:26:43 +0530
> >> Subject: Re: logjam attacks in tomcat 7
> >> From: srikanth.hu...@gmail.com
> >> To: users@tomcat.apache.org
> >>
> >> Configuration like mentioned below should be able to resolve your issue:
> >>
> >> <Connector port="{{ https_port }}"
> >> protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
> >> maxThreads="150" scheme="https" secure="true"
> >> keystoreType="JKS" keystoreFile="{{path_to_keystore}}"
> >> keystorePass="{{ keystore_password }}"
> >> clientAuth="false" sslEnabledProtocols="TLSv1, TLSv1.1,
> >> TLSv1.2"
> >>
> >> ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
> >>
> >> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,
> >>
> >> TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,
> >> TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA" />
> >>
> >> Srikanth Hugar
> >> www.gharki.com
> >>
> >>
> >>
> >> On Thu, Oct 1, 2015 at 10:22 AM, Rahul Singh <rksing...@hotmail.com> wrote:
> >>
> >>> Dear Tomcat Support Team,Thanks for your continuous support.
> >>> In our Application Tomcat V 7.0.54 is used. We are facing the problem of
> >>> "Server has a weak, ephemeral Diffie-Hellman public key
> >>> ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY"
> >>> In chrome browser.
> >>> Tomcat server .xml have following configuration, which does not contain
> >>> chipher, it means it used default cipher.
> >>> ================================================================<Connector
> >>> port="8585" minSpareThreads="5" enableLookups="true"
> >>> redirectPort="8282" acceptCount="32"
> >>> connectionTimeout="60000"/> <Connector port="8282" minSpareThreads="5"
> >>> SSLEnabled="true" enableLookups="true"
> >>> acceptCount="32" scheme="https" secure="true"
> >>> clientAuth="false" sslEnabledProtocols="TLSv1.2"
> >>>
> >>> algorithm="SunX509"/>================================================================
> >>> Underline JAVA is : OpenJDK Runtime Environment (rhel-2.5.5.3.el6-x86_64
> >>> u79-b14)
> >>> So could ypu please assist me to understand the following things.
> >>> 1- What value of default cipher is using in My application.2- Does it
> >>> require to update for working with lates Browser chrome and fixing the
> >>> "Diffie-Hellman" security issue.
> >>> Regards,Rahul kumar Singh
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
