Hi Mark - Thanks. SSLHonorCipherOrder, cna it be configured on Tomcat ? -thanks
On Fri, May 20, 2016 at 4:42 PM, Mark Thomas <ma...@apache.org> wrote: > On 20/05/2016 12:04, Jan Dosoudil wrote: > > Hi, > > do you have Java Cryptography Extension (JCE) Unlimited Strength > > Jurisdiction Policy Files installed? > > Irrelevant. The OP is using APR / OpenSSL. > > The available ciphers are controlled by the SSLCipherSuite which follows > the OpenSSL config rules for ciphers. > > You can set SSLHonorCipherOrder to enforce the server's preference order > if you wish. > > Mark > > > > > > JD > > > > 2016-05-20 12:50 GMT+02:00 Utkarsh Dave <utkarshkd...@gmail.com>: > > > >> Sorry, I missed that information in my earlier mail. > >> Tomcat - 7.0.69 configured for SSL > >> Connector - APR > >> Java - jdk1.7.0_101 > >> > >> > >> On Fri, May 20, 2016 at 4:10 PM, Mark Thomas <ma...@apache.org> wrote: > >> > >>> On 20/05/2016 11:37, Utkarsh Dave wrote: > >>>> Hi Users and Tomcat team, > >>>> > >>>> Port 8443 on my product is configured for Tomcat and accepts inbound > >>>> traffic from 3rd parties. > >>>> In the TLS handshake, Tomcat chooses TLS_RSA_WITH_AES_256_CBC_SHA over > >>> some > >>>> of the more secure cipher options offered by the 3rd party. The > >>>> 3rd party offers a list of 66 cipher suites that include many > >>>> ECDHE and DHE variants. Tomcat configured on my product preferred > >> cipher > >>>> suite is AES256-SHA. > >>>> Can The tomcat be configured for ECDHE and DHE suites must be > >>>> available and preferred? > >>> > >>> Tomcat version? > >>> > >>> Connector type? > >>> > >>> Java version? > >>> > >>> Mark > >>> > >>> > >>> --------------------------------------------------------------------- > >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >>> For additional commands, e-mail: users-h...@tomcat.apache.org > >>> > >>> > >> > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
