https://bz.apache.org/bugzilla/show_bug.cgi?id=67628
--- Comment #14 from Mark Thomas <ma...@apache.org> ---

Hmm. I think we need to move the ciphers part of this discussion to the users list.

With a recent version of OpenSSL, Tomcat's default returns 112 ciphers. Adding ":-DH" reduces that to 83 and adding ":-DH:+ECDH" makes no difference compared to just ":-DH".

Looking at what "DH" and "ECDH" return on their own, I think you might want to look at your cipher configuration.

I get an SSL Labs rating of "A" with Tomcat's default ciphers for:
- Tomcat 11 + Java 21 (OpenSSL and JSSE)
- Tomcat 8 + Java 11 (OpenSSL and JSSE)
- Tomcat 8 + Java 8 (JSSE)

Looking at the results from SSL Labs, adding ":-CBC" looks like something worth considering.