Olaf,

On 4/8/16 9:49 AM, Olaf Kock wrote:
> On 08.04.2016 at 15:40, Kikkeri, Amith wrote:
>> Thanks... I will be more detailed. We don't use Apache HTTPD or
>> nginx. It's just tomcat7. Below is my connector configuration.
>>
>> <Connector port="443"
>> protocol="org.apache.coyote.http11.Http11Protocol"
>> maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
>> clientAuth="false" sslProtocol="TLS" keystoreFile=" "
>> keystorePass=" "/>
> You'll have to explicitly configure the ciphers. That can be done
> by configuring the connector
> (https://wiki.apache.org/tomcat/HowTo/SSLCiphers) to use or
> prohibit one or the other cipher
> (https://wiki.apache.org/tomcat/Security/Ciphers) - or use one of
> the links that I've posted in my previous answer.
>
> I'm typically configuring a HTTPS end point in Apache httpd and
> forward to tomcat. I feel that the documentation for explicit
> cipher-choice in Apache httpd is a lot better (and more widespread
> up to date) than for tomcat, but you definitely can correctly
> configure it in tomcat as well.
>
> I just hope you're not running as root in order to bind to port 443
> - in that case you have different (and bigger) problems.

More recent Tomcats support OpenSSL-style ciphersuite configuration
(which means the httpd documentation is valid for configuring the
cipher suites). I don't think it's available in Tomcat 7, though.

-chris
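
Added example, not part of the original thread: a Python audit of a Tomcat server.xml that flags TLS connectors which lack the explicit `ciphers` attribute discussed above, list weak suites, or bind a privileged port. The sample XML, the placeholder keystore values, the 8443 connector and the weak-name list are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Name fragments treated as weak here (assumed list for this example, adjust to policy).
WEAK_MARKERS = ("_RC4_", "_DES_", "_3DES_", "_DES40_", "_NULL_", "_EXPORT_", "_anon_", "_MD5")

# Constructed sample: the connector quoted in the thread (keystore values replaced
# by placeholders), a second TLS connector with explicit ciphers, and a plain one.
SAMPLE_SERVER_XML = """
<Server><Service name="Catalina">
  <Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
             maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="PLACEHOLDER" keystorePass="PLACEHOLDER"/>
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
             SSLEnabled="true" scheme="https" secure="true" sslProtocol="TLS"
             ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,SSL_RSA_WITH_RC4_128_SHA"
             keystoreFile="PLACEHOLDER" keystorePass="PLACEHOLDER"/>
  <Connector port="8080" protocol="HTTP/1.1"/>
</Service></Server>
"""

def audit_connectors(server_xml):
    """Return {port: [findings]} for each <Connector> with SSLEnabled="true"."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # not a TLS connector
        findings = []
        ciphers = [c.strip() for c in conn.get("ciphers", "").split(",") if c.strip()]
        if not ciphers:
            findings.append("no explicit ciphers attribute, JVM default suites apply")
        for name in ciphers:
            if any(marker in name for marker in WEAK_MARKERS):
                findings.append("weak cipher suite listed: " + name)
        port = conn.get("port", "")
        if port.isdigit() and int(port) < 1024:
            findings.append("privileged port, check Tomcat is not running as root")
        report[port] = findings
    return report

if __name__ == "__main__":
    for port, findings in audit_connectors(SAMPLE_SERVER_XML).items():
        for finding in findings or ["ok"]:
            print(port + ": " + finding)
```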