On 20/05/2016 12:04, Jan Dosoudil wrote:
> Hi,
> do you have Java Cryptography Extension (JCE) Unlimited Strength
> Jurisdiction Policy Files installed?

Irrelevant. The OP is using APR / OpenSSL.

The available ciphers are controlled by the SSLCipherSuite which follows
the OpenSSL config rules for ciphers.

You can set SSLHonorCipherOrder to enforce the server's preference order
if you wish.

Mark


> 
> JD
> 
> 2016-05-20 12:50 GMT+02:00 Utkarsh Dave <utkarshkd...@gmail.com>:
> 
>> Sorry, I missed that information in my earlier mail.
>> Tomcat - 7.0.69 configured for SSL
>> Connector - APR
>> Java -  jdk1.7.0_101
>>
>>
>> On Fri, May 20, 2016 at 4:10 PM, Mark Thomas <ma...@apache.org> wrote:
>>
>>> On 20/05/2016 11:37, Utkarsh Dave wrote:
>>>> Hi Users and Tomcat team,
>>>>
>>>> Port 8443 on my product is configured for Tomcat and accepts inbound
>>>> traffic from 3rd parties.
>>>> In the TLS handshake, Tomcat chooses TLS_RSA_WITH_AES_256_CBC_SHA over
>>> some
>>>> of the more secure cipher options offered by the 3rd party. The
>>>> 3rd party offers a list of 66 cipher suites that include many
>>>> ECDHE and DHE variants. Tomcat configured on my product preferred
>> cipher
>>>> suite is AES256-SHA.
>>>> Can The tomcat be configured for ECDHE and DHE suites must be
>>>> available and preferred?
>>>
>>> Tomcat version?
>>>
>>> Connector type?
>>>
>>> Java version?
>>>
>>> Mark
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>>
>>
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to