Re: configuring ciphers for SSL Labs server test

2018-05-22 Thread logo
ed? Mark On Thu, May 10, 2018 at 11:23:44PM +, Scott Hoenigman wrote: Are you using a load balancer? Sent from my T-Mobile 4G LTE Device Original message From: David Wall Date: 5/10/18 6:15 PM (GMT-06:00) To: users@tomcat.apache.org Subject: Re: configuring ciphers

Re: configuring ciphers for SSL Labs server test

2018-05-11 Thread Baron Fujimoto
used? > >Mark > > >> >> On Thu, May 10, 2018 at 11:23:44PM +, Scott Hoenigman wrote: >>> Are you using a load balancer? >>> >>> >>> >>> Sent from my T-Mobile 4G LTE Device >>> >>> >>> ---- Original m

RE: configuring ciphers for SSL Labs server test

2018-05-11 Thread charlie arehart
Also, Baron, about the URL you're testing on your site via by SSLLabs: is that really one being served by Tomcat's web server? That's whose connector you're showing here. If instead you are fronting/proxying Tomcat with Apache or IIS, then my understanding is that the SSL support is handled b

Re: configuring ciphers for SSL Labs server test

2018-05-10 Thread Mark Thomas
, Scott Hoenigman wrote: >> Are you using a load balancer? >> >> >> >> Sent from my T-Mobile 4G LTE Device >> >> >> Original message >> From: David Wall >> Date: 5/10/18 6:15 PM (GMT-06:00) >> To: users@tomcat.apache

Re: configuring ciphers for SSL Labs server test

2018-05-10 Thread Baron Fujimoto
t; > Original message >From: David Wall >Date: 5/10/18 6:15 PM (GMT-06:00) >To: users@tomcat.apache.org >Subject: Re: configuring ciphers for SSL Labs server test > >We're doing good with this: > > protocols="TLSv1.1, TLSv1.2" honorCip

Re: configuring ciphers for SSL Labs server test

2018-05-10 Thread Scott Hoenigman
Are you using a load balancer? Sent from my T-Mobile 4G LTE Device Original message From: David Wall Date: 5/10/18 6:15 PM (GMT-06:00) To: users@tomcat.apache.org Subject: Re: configuring ciphers for SSL Labs server test We're doing good with this: On 5/

Re: configuring ciphers for SSL Labs server test

2018-05-10 Thread David Wall
We're doing good with this:     protocols="TLSv1.1, TLSv1.2" honorCipherOrder="true" ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE

configuring ciphers for SSL Labs server test

2018-05-10 Thread Baron Fujimoto
I'm trying to improve our grade on SSL Labs SSL server test[1] for our Tomcat configuraton. Currently, their report caps our grade at B because, "This server does not support Authenticated encryption (AEAD) cipher suites". They report that we support the following cipher suites: # TLS 1.2 TLS_ECDH