Robert,
On 6/2/15 10:40 AM, Robert Paasche wrote:
> Hi,
>
> I'm using tcnativ with:
> SSLCipherSuite="EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EECDH:EDH+AESGCM:EDH:+3DES:ECDH+AESGCM:ECDH+AES:ECDH:AES:HIGH:MEDIUM:!RC4:!CAMELLIA:!SEED:!aNULL:!MD5:!eNULL:!LOW:!EXP:!DSS:!PSK:!SRP"
>
> To gen
Hi,
I'm using tcnativ with:
SSLCipherSuite="EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EECDH:EDH+AESGCM:EDH:+3DES:ECDH+AESGCM:ECDH+AES:ECDH:AES:HIGH:MEDIUM:!RC4:!CAMELLIA:!SEED:!aNULL:!MD5:!eNULL:!LOW:!EXP:!DSS:!PSK:!SRP"
To generate a List of ciphers for your usecase simply do:
openssl ci
I ran a ssl scan utility on my Tomcat server and see it allows alot of
SSLv3 and RC4 Ciphers along with a number of others. I'm told the SSLv3 and
RC4 are not allowed and that I should only be using TLS ciphers.
Adding registry keys has no effect. Modifying the server.xml file does.
I figured
