Posted to dev@tomcat.apache.org by bu...@apache.org on 2014/01/11 17:43:11 UTC

[Bug 55988] Add parameter useCipherSuitesOrder to JSSE (BIO and NIO) connectors

https://issues.apache.org/bugzilla/show_bug.cgi?id=55988

--- Comment #1 from Ognjen Blagojevic <og...@gmail.com> ---
Created attachment 31198
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=31198&action=edit
Proof of concept patch

Here is an initial patch to prove the concept. This patch will always try to set
the parameter useCipherSuitesOrder using reflection.

To test it:

(1) Install JDK 1.8.0 EA (must be B108+, tested with B121) [1]
(2) Install Java 7 JCE Unlimited Strength (it also works with JDK 1.8.0 EA) [2]
(3) Apply patch, build Tomcat
(4) Add JSSE Connector configuration to server.xml:

    <Connector port="443" 
               protocol="org.apache.coyote.http11.Http11Protocol"
               SSLEnabled="true"
               maxThreads="150" 
               scheme="https" 
               secure="true"
               clientAuth="false" 
               sslProtocol="TLS" 
               ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                        TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
                        TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                        TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
                        TLS_RSA_WITH_AES_256_CBC_SHA256,
                        TLS_RSA_WITH_AES_256_CBC_SHA,
                        SSL_RSA_WITH_3DES_EDE_CBC_SHA" />

(5) Start Tomcat. Forward Secrecy is enabled (on all clients that support it).

-Ognjen

[1] https://jdk8.java.net/download.html
[2] http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
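Added example, not the code from attachment 31198 and not Tomcat's own: a standalone sketch of setting server-side cipher preference through reflection, so the same class compiles on Java 7 and enforces the order on Java 8. It assumes the call reached by reflection is the Java 8 JSSE method SSLParameters.setUseCipherSuitesOrder(boolean); the class name CipherOrderDemo and the helper preferServerOrder are hypothetical.

```java
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class CipherOrderDemo { // hypothetical name, for illustration only
    // First four suites of the Connector "ciphers" attribute above, in the same order.
    static final String[] PREFERRED = {
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
    };

    // Returns true when the JRE has the setter (Java 8+), false when it does not.
    static boolean preferServerOrder(SSLParameters params) throws Exception {
        try {
            Method m = SSLParameters.class.getMethod("setUseCipherSuitesOrder", boolean.class);
            m.invoke(params, Boolean.TRUE);
            return true;
        } catch (NoSuchMethodException e) {
            return false; // older JRE: the client's preference order still decides
        }
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false); // act as the server side of the handshake

        // Keep the configured order, dropping suites this JRE does not support.
        List<String> supported = Arrays.asList(engine.getSupportedCipherSuites());
        List<String> enabled = new ArrayList<String>();
        for (String suite : PREFERRED) {
            if (supported.contains(suite)) enabled.add(suite);
        }
        if (enabled.isEmpty()) throw new IllegalStateException("no preferred suite supported");

        SSLParameters params = engine.getSSLParameters();
        params.setCipherSuites(enabled.toArray(new String[0]));
        boolean honoured = preferServerOrder(params);
        engine.setSSLParameters(params); // the order only takes effect once applied

        System.out.println("server order enforced: " + honoured);
        System.out.println("enabled, in preference order: " + enabled);
    }
}
```

When the helper returns false, the suite list is still restricted but the client's ordering wins, so a client that lists a non-ECDHE/DHE suite first will not get forward secrecy.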
