On 06/03/2015 11:57, Konstantin Kolinko wrote:
> 2015-03-06 14:46 GMT+03:00 Apache Wiki <wikidi...@apache.org>:
>> Dear Wiki user,
>>
>> You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for 
>> change notification.
>>
>> The "Security/Ciphers" page has been changed by markt:
>> https://wiki.apache.org/tomcat/Security/Ciphers
>>
>> Comment:
>> Create page with results for current Tomcat 6 (6.0.44-dev)
>>
>> New page:
>> = TLS Cipher suite choice =
>>
>> There is no right choice since there are always trade-offs to make between 
>> better security, better interoperability, better performance etc. Where you 
>> choose to draw that line is a choice you need to make. The following 
>> information is provided to help you make that choice. The ratings provided 
>> are those calculated by the excellent [[https://www.ssllabs.com/ssltest|SSL 
>> Labs Test]]. Keep in mind that, as more vulnerabilities are discovered, 
>> these ratings are only ever going to get worse over time. The results shown 
>> on this page were correct at the time they were generated.
>>
>> == JSSE (BIO/NIO/NIO2) Results (Default) ==
>>
>> ||          || Java 5 || Java 6 || Java 7 || Java 8 ||
>> || Tomcat 6 ||   C    ||   C    ||   C    ||   B    ||
>> || Tomcat 7 ||  N/A   ||  TBC   ||  TBC   ||  TBC   ||
>> || Tomcat 8 ||  N/A   ||  N/A   ||  TBC   ||  TBC   ||
>>
>>
>> == JSSE (BIO/NIO/NIO2) Results (Improved) ==
>>
>> ||          || Java 5 || Java 6 || Java 7 || Java 8 ||
>> || Tomcat 6 ||   B    ||   B    ||   A-   ||   A   ||
> 
> Maybe list what "weak points" are highlighted by the labs test for those
> B, A- results?

Partly because this is a constantly moving target and partly because I'd
rather folks explored this for themselves I'd prefer not to do that.


> IIRC, the SSLLabs tests display some list with items colored in red.

Assuming that a valid certificate is used, the only red is unsupported
clients which - given their age - is to be expected.

Mark

