Hello,
I would like to disable low grade encryption in Tomcat.
I have cert that uses 256/1024bit encryption with Apache but same cert
with tomcat uses
128/768bit encryption.
The problem is public key size 768 bit that is no more considered secure
by Opera.
The problem was discussed here.
http://forum.java.sun.com/thread.jspa?threadID=5247000&messageID=10019756
It happens due to Diffie-Hellman algorythm that is advised to be
disabled to avoid the problem.
I did as advised. I added TLS_RSA_WITH_AES_256_CBC_SHA to JAVA_OPTS
-Dhttps.cipherSuite
and ciphers attribute in <Connector> in server.xml
Nothing changed after tomcat restart.
I also checked catalina.out and there is no errors or other information
about encryption.
It seems Tomcat ignores these settings.
Please, help.
Thank You,
Max
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
