Posted to dev@tomcat.apache.org by bu...@apache.org on 2014/01/11 17:43:11 UTC
[Bug 55988] Add parameter useCipherSuitesOrder to JSSE (BIO and NIO) connectors
https://issues.apache.org/bugzilla/show_bug.cgi?id=55988
--- Comment #1 from Ognjen Blagojevic <og...@gmail.com> ---
Created attachment 31198
--> https://issues.apache.org/bugzilla/attachment.cgi?id=31198&action=edit
Proof of concept patch
Here is an initial patch to prove the concept. This patch will always try to set
the parameter useCipherSuitesOrder using reflection.
To test it:
(1) Install JDK 1.8.0 EA (must be B108+, tested with B121) [1]
(2) Install Java 7 JCE Unlimited Strength (it also works with JDK 1.8.0 EA) [2]
(3) Apply patch, build Tomcat
(4) Add JSSE Connector configuration to server.xml:
    <Connector port="443"
               protocol="org.apache.coyote.http11.Http11Protocol"
               SSLEnabled="true"
               maxThreads="150"
               scheme="https"
               secure="true"
               clientAuth="false"
               sslProtocol="TLS"
               ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                        TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
                        TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                        TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
                        TLS_RSA_WITH_AES_256_CBC_SHA256,
                        TLS_RSA_WITH_AES_256_CBC_SHA,
                        SSL_RSA_WITH_3DES_EDE_CBC_SHA" />
(5) Start Tomcat. Forward Secrecy is enabled (on all clients that support it)
-Ognjen
[1] https://jdk8.java.net/download.html
[2] http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
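
Added example, not the attached patch and not Tomcat code: one way to make the reflective call described in the comment, so the same class loads on Java 7 and enables server-side cipher preference on Java 8. SSLParameters.setUseCipherSuitesOrder(boolean) is the Java 8 API; the class CipherOrderDemo and the helpers filterSupported and applyServerOrder are hypothetical names, and the cipher list is the first three entries of the connector configuration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

// Hypothetical demo class; names are illustrative, not from the patch.
public class CipherOrderDemo {
    // Drops suites this JVM does not support while keeping the configured order.
    static String[] filterSupported(String[] configured, String[] supported) {
        List<String> result = new ArrayList<>(Arrays.asList(configured));
        result.retainAll(Arrays.asList(supported));
        return result.toArray(new String[0]);
    }

    // Applies the ordered list and asks the JVM to prefer the server's order.
    // Returns false on a runtime without the setter (pre-Java 8).
    static boolean applyServerOrder(SSLEngine engine, String[] ordered) {
        SSLParameters params = engine.getSSLParameters();
        params.setCipherSuites(ordered);
        try {
            SSLParameters.class.getMethod("setUseCipherSuitesOrder", boolean.class)
                    .invoke(params, Boolean.TRUE);
        } catch (NoSuchMethodException e) {
            engine.setSSLParameters(params); // list applies, client order decides
            return false;
        } catch (ReflectiveOperationException e) {
            throw new IllegalStateException(e);
        }
        engine.setSSLParameters(params);
        return true;
    }

    public static void main(String[] args) throws Exception {
        String[] configured = {
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
            "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" };
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false); // server side of the handshake
        String[] ordered = filterSupported(configured, engine.getSupportedCipherSuites());
        System.out.println("server order honoured: " + applyServerOrder(engine, ordered));
        System.out.println("enabled: " + Arrays.toString(engine.getEnabledCipherSuites()));
    }
}
```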