On 20/05/2016 12:04, Jan Dosoudil wrote: > Hi, > do you have Java Cryptography Extension (JCE) Unlimited Strength > Jurisdiction Policy Files installed?
Irrelevant. The OP is using APR / OpenSSL. The available ciphers are controlled by the SSLCipherSuite which follows the OpenSSL config rules for ciphers. You can set SSLHonorCipherOrder to enforce the server's preference order if you wish. Mark > > JD > > 2016-05-20 12:50 GMT+02:00 Utkarsh Dave <utkarshkd...@gmail.com>: > >> Sorry, I missed that information in my earlier mail. >> Tomcat - 7.0.69 configured for SSL >> Connector - APR >> Java - jdk1.7.0_101 >> >> >> On Fri, May 20, 2016 at 4:10 PM, Mark Thomas <ma...@apache.org> wrote: >> >>> On 20/05/2016 11:37, Utkarsh Dave wrote: >>>> Hi Users and Tomcat team, >>>> >>>> Port 8443 on my product is configured for Tomcat and accepts inbound >>>> traffic from 3rd parties. >>>> In the TLS handshake, Tomcat chooses TLS_RSA_WITH_AES_256_CBC_SHA over >>> some >>>> of the more secure cipher options offered by the 3rd party. The >>>> 3rd party offers a list of 66 cipher suites that include many >>>> ECDHE and DHE variants. Tomcat configured on my product preferred >> cipher >>>> suite is AES256-SHA. >>>> Can The tomcat be configured for ECDHE and DHE suites must be >>>> available and preferred? >>> >>> Tomcat version? >>> >>> Connector type? >>> >>> Java version? >>> >>> Mark >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>> >> > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org