Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification.
The "Security/Ciphers" page has been changed by markt: https://wiki.apache.org/tomcat/Security/Ciphers Comment: Create page with results for current Tomcat 6 (6.0.44-dev) New page: = TLS Cipher suite choice = There is no right choice since there are always trade-offs to make between better security better interoperability, better performance etc.. Where you choose to draw that line is a choice you need to make. The following information is provided to help you make that choice. The ratings provided are those calculated by the excellent [[https://www.ssllabs.com/ssltest|SSL Labs Test]]. Keep in mind that, as more vulnerabilities are discovered, these ratings are only ever going to get worse over time. The results shown on this page were correct at the time they were generated. == JSSE (BIO/NIO/NIO2) Results (Default) == || || Java 5 || Java 6 || Java 7 || Java 8 || || Tomcat 6 || C || C || C || B || || Tomcat 7 || N/A || TBC || TBC || TBC || || Tomcat 8 || N/A || N/A || TBC || TBC || == JSSE (BIO/NIO/NIO2) Results (Improved) == || || Java 5 || Java 6 || Java 7 || Java 8 || || Tomcat 6 || B || B || A- || A || || Tomcat 7 || N/A || TBC || TBC || TBC || || Tomcat 8 || N/A || N/A || TBC || TBC || == JSSE Settings for Improved Results == To use these settings, set the ciphers attribute on your secure connector to the list of ciphers shown below. The list should be comma separated. * Java 5 * TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA * Java 6 * TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA * Java 7 * TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA * Java 8 * TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA == Environment == The results above were generated with: * Java 5, 64-bit, update 22 * Java 6, 64-bit, update 45 * Java 7, 64-bit, update 76 * Java 8, 64-bit, update 31 * Apache Tomcat 6.0.44-dev, r1664561. This is after the commit that disabled SSLv2 and SSLv3. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
