Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification.
The "Security/Ciphers" page has been changed by OgnjenBlagojevic: https://wiki.apache.org/tomcat/Security/Ciphers?action=diff&rev1=6&rev2=7 There is no right choice since there are always trade-offs to make between better security better interoperability, better performance etc.. Where you choose to draw that line is a choice you need to make. The following information is provided to help you make that choice. The ratings provided are those calculated by the excellent [[https://www.ssllabs.com/ssltest|SSL Labs Test]]. Keep in mind that, as more vulnerabilities are discovered, these ratings are only ever going to get worse over time. The results shown on this page were correct at the time they were generated. - As of May 2015, 1024-bit DHE is [[https://www.schneier.com/blog/archives/2015/05/the_logjam_and_.html|considered]] [[https://weakdh.org/imperfect-forward-secrecy.pdf|breakable]] by nation-state adversaries. 2048-bit DHE is recommended. 2048-bit DHE may be configured with JSSE using JVM parameter, while latest released version of Apache Tomcat Native Library (1.1.33) does not support 2048-bit DHE. You may track native support [[https://bz.apache.org/bugzilla/show_bug.cgi?id=56108|here]] + As of May 2015, 1024-bit DHE is [[https://www.schneier.com/blog/archives/2015/05/the_logjam_and_.html|considered]] [[https://weakdh.org/imperfect-forward-secrecy.pdf|breakable]] by nation-state adversaries. 2048-bit DHE is recommended. 2048-bit DHE may be configured with JSSE connectors (BIO, NIO, NIO2) using JVM parameter, and for APR connector Apache Tomcat Native Library 1.2.2 (or later) should be used. == JSSE (BIO/NIO/NIO2) Results (Default) == --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
