https://issues.apache.org/bugzilla/show_bug.cgi?id=55988
Bug ID: 55988
Summary: Add parameter useCipherSuitesOrder to JSSE (BIO and
NIO) connectors
Product: Tomcat 8
Version: trunk
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Connectors
Assignee: dev@tomcat.apache.org
Reporter: ognjen.d.blagoje...@gmail.com
Starting with Oracle Java 1.8.0 B108, JSSE supports server-side cipher ordering
[1]. Server-side cipher ordering is useful for enabling Forward Secrecy and for
preventing certain attacks. Appropriate JSSE parameter is called
useCipherSuitesOrder [2].
Is it possible to add that same attribute to Tomcat JSSE connectors?
The problem is that parameter useCipherSuitesOrder is only available starting
with Java 1.8 B108, while Tomcat 8 requires only Java 1.7. Therefore the
proposal is, if Tomcat 8:
(a) runs using Java 1.7 / 1.8 pre-B108, parameter useCipherSuitesOrder would be
ignored, and if
(b) runs using Java 1.8 B108+, JSSE parameter useCipherSuitesOrder would be
appropriately set.
It might be a precedence to support parameter from non-required version of
Java, albeit -- due to the usefulness of such configuration option -- it might
be worthwhile considering.
Note that similar attribute already exists for APR connector --
SSLHonorCipherOrder.
-Ognjen
[1] https://bugs.openjdk.java.net/browse/JDK-7188657
[2]
http://download.java.net/jdk8/docs/api/javax/net/ssl/SSLParameters.html#setUseCipherSuitesOrder-boolean-
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
