https://issues.apache.org/bugzilla/show_bug.cgi?id=55988
Ognjen Blagojevic <ognjen.d.blagoje...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #31198|0                           |1
        is obsolete|                            |

--- Comment #2 from Ognjen Blagojevic <ognjen.d.blagoje...@gmail.com> ---
Created attachment 31272
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=31272&action=edit
Patch to add useCipherSuitesOrder to BIO and NIO connectors

Fully functional patch.

Here is an example of how to use it for BIO (with OpenJDK 1.8.0 B108+ and JCE Unlimited Strength):

    <Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
               SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               useCipherSuitesOrder="true"
               ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                        TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
                        TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                        SSL_RSA_WITH_3DES_EDE_CBC_SHA" />

To test NIO, just replace Http11Protocol with Http11NioProtocol.

---

You may test Forward Secrecy using https://www.ssllabs.com/ssltest/

It should report "Forward Secrecy -- Yes (with most browsers)"

---

Note: If you try the same with a JDK that does not support the javax.net.SSLParameters.setUseCipherSuitesOrder(boolean) method, it will log:

    WARNING [main] org.apache.tomcat.util.net.jsse.JSSESocketFactory.configureUseCipherSuitesOrder Method setUseCipherSuitesOrder is not supported by the SSL engine
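
The comment above describes enabling server-side cipher ordering and degrading with a warning on JDKs that lack the method. The following Java program is an added example, not the attached patch or Tomcat's own code: it applies the same cipher list to a server-mode SSLEngine and looks the method up reflectively on javax.net.ssl.SSLParameters. The names CipherOrderDemo, PREFERRED and enableServerOrder are hypothetical.

```java
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class CipherOrderDemo {
    // Preference order copied from the Connector example in the comment above.
    static final String[] PREFERRED = {
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
        "SSL_RSA_WITH_3DES_EDE_CBC_SHA"
    };

    // Looks up setUseCipherSuitesOrder reflectively so the class still loads on
    // JDKs without it. Returns false when the method does not exist.
    static boolean enableServerOrder(SSLParameters params) {
        try {
            Method m = SSLParameters.class.getMethod("setUseCipherSuitesOrder", boolean.class);
            m.invoke(params, Boolean.TRUE);
            return true;
        } catch (NoSuchMethodException e) {
            return false; // caller keeps the client's preference order and should log it
        } catch (ReflectiveOperationException e) {
            throw new IllegalStateException("setUseCipherSuitesOrder failed", e);
        }
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false); // ordering only matters on the server side

        // Drop suites this JVM does not implement; retainAll keeps PREFERRED's order.
        List<String> enabled = new ArrayList<>(Arrays.asList(PREFERRED));
        enabled.retainAll(Arrays.asList(engine.getSupportedCipherSuites()));
        if (enabled.isEmpty()) throw new IllegalStateException("no configured suite is supported");

        SSLParameters params = engine.getSSLParameters();
        params.setCipherSuites(enabled.toArray(new String[0]));
        boolean ordered = enableServerOrder(params);
        engine.setSSLParameters(params);
        System.out.println("server order enforced: " + ordered + ", suites: " + enabled);
    }
}
```

When enableServerOrder returns false, the handshake picks the first suite in the client's list that the server also enables, so the forward-secrecy suites at the head of the list are not guaranteed to be chosen.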