Jack Ashburn wrote: > Hi, > > I'm configuring my Tomcat server so that it uses a "strong" cipher for > SSL. From the docs in both Tomcat 4.1 and 5.0, the "ciphers" attribute > for the "connector" element in server.xml accepts "A comma seperated > [sic] list of the encryption ciphers that may be used. If not > specified, then any available cipher may be used." > > My questions are: > > 1. When the "ciphers" attribute is not specified, how does Tomcat > choose the cipher to use from the "any available cipher[s]"?
It doesn't, it takes whatever the default is. This may vary depending on JDK version, vendor etc. Look at the relevant docs to see which it is for your platform. > 2. Why doesn't Tomcat choose the strongest available ciphers from > what's made available to the Java runtime? Because generally the stronger the algorithm, the greater the processing overhead. Mark --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
