I wrote:
I mean, I know that I need to get HTTPAPI and Tomcat speaking the same language, but where do I begin?
Christopher Schultz (Tomcat List) wrote:
First, I would check to see what Tomcat is actually advertising. There are several ways to do that. One of them is to use Qualys's SSLLabs server test: https://www.ssllabs.com/ssltest/
Thanks, Mr. Schultz. That gives me a start. Ok, here's what I got back.
Protocols TLS 1.3 No TLS 1.2 Yes TLS 1.1 Yes TLS 1.0 Yes SSL 3 No SSL 2 No
Cipher Suites # TLS 1.2 (server has no preference) TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp521r1 (eq. 15360 bits RSA) FS 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH secp521r1 (eq. 15360 bits RSA) FS 128 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp521r1 (eq. 15360 bits RSA) FS 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp521r1 (eq. 15360 bits RSA) FS 256 # TLS 1.1 (server has no preference) TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp521r1 (eq. 15360 bits RSA) FS 128 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp521r1 (eq. 15360 bits RSA) FS 256 # TLS 1.0 (server has no preference) TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp521r1 (eq. 15360 bits RSA) FS 128 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp521r1 (eq. 15360 bits RSA) FS 256
I may have known how to determine what HTTPAPI supports, but if so, I've forgotten. Ditto for adding protocols to Tomcat.
As to the client end, it's using HTTPAPI 1.24, running on an AS/400 that's at V6R1.
-- JHHL --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
