https://issues.apache.org/bugzilla/show_bug.cgi?id=55988
--- Comment #1 from Ognjen Blagojevic <ognjen.d.blagoje...@gmail.com> ---
Created attachment 31198
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=31198&action=edit
Proof of concept patch

Here is an initial patch to prove the concept. This patch will always try to set parameter useCipherSuitesOrder using reflection.

To test it:

(1) Install JDK 1.8.0 EA (must be B108+, tested with B121) [1]

(2) Install Java 7 JCE Unlimited Strength (it also works with JDK 1.8.0 EA) [2]

(3) Apply patch, build Tomcat

(4) Add JSSE Connector configuration to server.xml:

    <Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
               SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                        TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
                        TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                        TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
                        TLS_RSA_WITH_AES_256_CBC_SHA256,
                        TLS_RSA_WITH_AES_256_CBC_SHA,
                        SSL_RSA_WITH_3DES_EDE_CBC_SHA" />

(5) Start Tomcat.

Forward Secrecy is enabled (on all clients that support it)

-Ognjen

[1] https://jdk8.java.net/download.html
[2] http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
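
The reflection approach the comment describes, as an added example that is not the attached patch or Tomcat's own code: it looks up the Java 8 method SSLParameters.setUseCipherSuitesOrder(boolean) at run time so the same class still loads on Java 7. The class name CipherOrderDemo and the helper trySetUseCipherSuitesOrder are hypothetical, and the suite list is a subset of the Connector's ciphers attribute.

```java
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class CipherOrderDemo {

    // setUseCipherSuitesOrder(boolean) exists from Java 8 on; a reflective lookup keeps
    // this class loadable on Java 7, where the client's preference order still applies.
    static boolean trySetUseCipherSuitesOrder(SSLParameters params) {
        try {
            Method m = SSLParameters.class.getMethod("setUseCipherSuitesOrder", boolean.class);
            m.invoke(params, Boolean.TRUE);
            return true;
        } catch (ReflectiveOperationException e) {
            return false; // method absent (pre-Java 8) or not invocable
        }
    }

    public static void main(String[] args) throws Exception {
        // Server-preferred order, forward-secret suites first (subset of the Connector list).
        String[] preferred = {
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
            "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
            "TLS_RSA_WITH_AES_256_CBC_SHA"
        };
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false); // act as the server side

        // Keep only suites this JVM supports; an unsupported name makes setSSLParameters throw.
        List<String> supported = Arrays.asList(engine.getSupportedCipherSuites());
        List<String> enabled = new ArrayList<>();
        for (String suite : preferred) {
            if (supported.contains(suite)) enabled.add(suite);
        }

        SSLParameters params = engine.getSSLParameters();
        params.setCipherSuites(enabled.toArray(new String[0]));
        boolean serverOrder = trySetUseCipherSuitesOrder(params);
        engine.setSSLParameters(params);

        System.out.println("Enabled, in order: " + enabled);
        System.out.println("Server cipher order honoured: " + serverOrder);
    }
}
```

On a Java 7 runtime the second line prints false, which means the forward-secret suites at the head of the list are used only when the client also prefers them.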