2015-03-06 14:46 GMT+03:00 Apache Wiki <wikidi...@apache.org>:
> Dear Wiki user,
>
> You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for
> change notification.
>
> The "Security/Ciphers" page has been changed by markt:
> https://wiki.apache.org/tomcat/Security/Ciphers
>
> Comment:
> Create page with results for current Tomcat 6 (6.0.44-dev)
>
> New page:
> = TLS Cipher suite choice =
>
> There is no right choice since there are always trade-offs to make between
> better security, better interoperability, better performance etc. Where you
> choose to draw that line is a choice you need to make. The following
> information is provided to help you make that choice. The ratings provided
> are those calculated by the excellent [[https://www.ssllabs.com/ssltest|SSL
> Labs Test]]. Keep in mind that, as more vulnerabilities are discovered, these
> ratings are only ever going to get worse over time. The results shown on this
> page were correct at the time they were generated.
>
> == JSSE (BIO/NIO/NIO2) Results (Default) ==
>
> || || Java 5 || Java 6 || Java 7 || Java 8 ||
> || Tomcat 6 || C || C || C || B ||
> || Tomcat 7 || N/A || TBC || TBC || TBC ||
> || Tomcat 8 || N/A || N/A || TBC || TBC ||
>
>
> == JSSE (BIO/NIO/NIO2) Results (Improved) ==
>
> || || Java 5 || Java 6 || Java 7 || Java 8 ||
> || Tomcat 6 || B || B || A- || A ||

Maybe list what "weak points" are highlighted by the labs test for those B, A-
results? IIRC, the SSLLabs tests display some list with items colored in red.

> || Tomcat 7 || N/A || TBC || TBC || TBC ||
> || Tomcat 8 || N/A || N/A || TBC || TBC ||
>
>
> == JSSE Settings for Improved Results ==
>
> To use these settings, set the ciphers attribute on your secure connector to
> the list of ciphers shown below. The list should be comma separated.
>
> * Java 5
>   * TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
>     SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
> * Java 6
>   * TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA
> * Java 7
>   * TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
>     TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
>     SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
> * Java 8
>   * TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
>     TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
>     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
>     SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
>
>
> == Environment ==
>
> The results above were generated with:
> * Java 5, 64-bit, update 22
> * Java 6, 64-bit, update 45
> * Java 7, 64-bit, update 76
> * Java 8, 64-bit, update 31
> * Apache Tomcat 6.0.44-dev, r1664561. This is after the commit that disabled
>   SSLv2 and SSLv3.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
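
Relating to the question in the reply about weak points: an added example, not part of this thread or the wiki page, that tags each suite in the page's Java 6 and Java 8 `ciphers` lists with properties read off the suite name alone. The function and tag names are this example's own, and its output is not the SSL Labs grading.

```python
import re

# JSSE names: (TLS|SSL)_<key exchange[_auth]>_WITH_<cipher>_<hash>
SUITE_RE = re.compile(
    r"^(?:TLS|SSL)_(?P<kx>[A-Z0-9_]+?)_WITH_(?P<enc>[A-Z0-9_]+)_(?P<mac>[A-Z0-9]+)$")

# Lists copied from the quoted wiki page ("JSSE Settings for Improved Results").
JAVA6 = "TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA"
JAVA8 = ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "
         "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "
         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "
         "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA")


def describe(suite):
    """Return property tags derived purely from a JSSE cipher suite name."""
    m = SUITE_RE.match(suite.strip())
    if m is None:
        raise ValueError("not a JSSE-style suite name: %r" % suite)
    kx, enc, mac = m.group("kx", "enc", "mac")
    tags = set()
    # Ephemeral (EC)DH gives forward secrecy; plain RSA key transport does not.
    ephemeral = kx.split("_")[0] in ("DHE", "ECDHE")
    tags.add("forward-secrecy" if ephemeral else "no-forward-secrecy")
    if "3DES" in enc:
        tags.add("3des")
    if enc.endswith("GCM"):
        tags.add("aead")       # trailing hash is the PRF hash here, not a MAC
    elif enc.endswith("CBC"):
        tags.add("cbc")
    if mac == "SHA" and "aead" not in tags:
        tags.add("sha1-mac")   # HMAC-SHA1 record MAC
    return tags


def summarize(ciphers_attr):
    """Count suites per property for a comma-separated ciphers attribute value."""
    tagged = [describe(s) for s in ciphers_attr.split(",") if s.strip()]
    count = lambda tag: sum(tag in t for t in tagged)
    return {"suites": len(tagged), "forward_secrecy": count("forward-secrecy"),
            "aead": count("aead"), "cbc": count("cbc"),
            "3des": count("3des"), "sha1_mac": count("sha1-mac")}


if __name__ == "__main__":
    for name, attr in (("Java 6", JAVA6), ("Java 8", JAVA8)):
        print(name, summarize(attr))
```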