https://bz.apache.org/bugzilla/show_bug.cgi?id=56108
--- Comment #7 from Rainer Jung <rainer.j...@kippdata.de> ---
It is in 1.2.2, but the change had already also been backported to the 1.1
branch for the forthcoming 1.1.34.
The changelog of 1.2.2 starts on top of 1.1 but unfirtunately not on top of the
last released 1.1.33 but the 1.1. changelog as it was when 1.2.0 was cut.
So some changes are missing in the changelog for 1.2.2. Especially:
<update>
Unconditionally disable export Ciphers. Use the
configure flag --enable-insecure-export-ciphers
for a custom build supporting those insecure ciphers.
(rjung)
</update>
<update>
Improve ephemeral key handling for DH and ECDH.
Parameter strength is by default derived from the
certificate key strength. It can be overwritten
by embedding custom parameters in the certificate
file configured with <code>SSLCertificateFile</code>. (rjung)
</update>
The second one is the one you are looking for.
It works the same way as in Apache httpd mod_ssl.
Regards,
Rainer
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
