Posted to users@tomcat.apache.org by Chad Joubert <ch...@gmail.com> on 2006/02/23 22:52:12 UTC

Tomcat 4 - Disable low level cipher

Hello,

I am working at a site and trying to disable the support for low encryption
ciphers, while still maintaining Medium and High encryption.  This is for a
stand-alone Tomcat 4.1.  I do not want to change to Tomcat 5.  I have tried
several different string combinations using commas and colon delimiters in
the server.xml file (ciphers="*ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM*")  but nothing seems
to be working.  I have searched and found a couple other people asking the
same question but no solutions.

I need some new ideas or at least a direction to head in.

Thanks,
Chad

Re: Tomcat 4 - Disable low level cipher

Posted by Chad Joubert <ch...@gmail.com>.
Mark,

Thank you for your help. I am trying the names from the site you gave me
without the best results.  It takes time to restart and evaluate whether it
worked or not.  Is there a quick way to tell what encryption is being
used?  I am using a third party scan.  Also, could you give me an example
string to go off of?

Thank you,
Chad


On 2/23/06, Mark Thomas <ma...@apache.org> wrote:
>
> Chad Joubert wrote:
> > I have tried
> > several different string combinations using commas and colon delimiters in
> > the server.xml file (ciphers="*ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM*")  but nothing seems
> > to be working.  I have searched and found a couple other people asking the
> > same question but no solutions.
>
> These are not the Java names for the cipher suites (I think they might
> be from openssl). You need to use the ones in
> http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html
>
> The list should be comma delimited.
>
> Mark
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Re: Tomcat 4 - Disable low level cipher

Posted by Mark Thomas <ma...@apache.org>.
Bill Barker wrote:
> Urm, I think you're dreaming of TC 3 or 5 ;-).
> 
> TC 4 only allows a limited set of the possible Coyote-SSL settings, and 
> ciphers isn't one of them (mostly from lack of interest from anybody to port 
> the forward-all-attributes logic to TC 4 :).

Sorry, I could have sworn this was in 4 as it was pretty much the
first thing I ever contributed. I'll add this (forward all attributes)
to my list of things to do in 4.1.32

Mark




Re: Tomcat 4 - Disable low level cipher

Posted by Bill Barker <wb...@wilshire.com>.
"Mark Thomas" <ma...@apache.org> wrote in message 
news:43FE30E9.3030909@apache.org...
> Chad Joubert wrote:
>> I have tried
>> several different string combinations using commas and colon delimiters in
>> the server.xml file (ciphers="*ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM*")  but nothing seems
>> to be working.  I have searched and found a couple other people asking the
>> same question but no solutions.
>
> These are not the Java names for the cipher suites (I think they might
> be from openssl). You need to use the ones in
> http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html
>
> The list should be comma delimited.
>

Urm, I think you're dreaming of TC 3 or 5 ;-).

TC 4 only allows a limited set of the possible Coyote-SSL settings, and 
ciphers isn't one of them (mostly from lack of interest from anybody to port 
the forward-all-attributes logic to TC 4 :).

> Mark 






Re: Tomcat 4 - Disable low level cipher

Posted by Mark Thomas <ma...@apache.org>.
Chad Joubert wrote:
> I have tried
> several different string combinations using commas and colon delimiters in
> the server.xml file (ciphers="*ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM*")  but nothing seems
> to be working.  I have searched and found a couple other people asking the
> same question but no solutions.

These are not the Java names for the cipher suites (I think they might
be from openssl). You need to use the ones in
http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html

The list should be comma delimited.

Mark
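
An added example, not from any post in this thread: a small Java program that lists the JSSE cipher suite names the local JVM supports and joins the ones that survive the exclusions named in the OpenSSL-style string above (anonymous, NULL, export, single DES) into a comma-delimited value. The class name and the marker list are assumptions, Java 8 or later is assumed, and whether the connector honors a ciphers attribute depends on the Tomcat version, as the thread discusses.

```java
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLServerSocketFactory;

// Added example (hypothetical class name): maps the OpenSSL-style exclusions
// onto JSSE suite names and prints a comma-delimited list of what remains.
public class ListStrongCiphers {

    // Assumed mapping from the OpenSSL keywords to JSSE name fragments:
    //   !aNULL / !ADH -> "_anon_"    (no server authentication)
    //   !eNULL        -> "_NULL_"    (no encryption)
    //   !EXP          -> "_EXPORT_"  (40-bit export suites, incl. DES40)
    //   !LOW          -> "_DES_"     (single DES; 3DES is "_3DES_" and is kept)
    private static final String[] WEAK_MARKERS = {
        "_anon_", "_NULL_", "_EXPORT_", "_DES40_", "_DES_"
    };

    static boolean isWeak(String suite) {
        for (String marker : WEAK_MARKERS) {
            if (suite.contains(marker)) return true;
        }
        return false;
    }

    static String strongSuites(String[] supported) {
        List<String> keep = new ArrayList<>();
        for (String suite : supported) {
            if (!isWeak(suite)) keep.add(suite);
        }
        return String.join(",", keep);
    }

    public static void main(String[] args) {
        // The default factory reports every suite this JVM's JSSE provider
        // can negotiate, using the Java names rather than the OpenSSL ones.
        SSLServerSocketFactory factory =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        String[] supported = factory.getSupportedCipherSuites();
        for (String suite : supported) {
            System.out.println((isWeak(suite) ? "drop  " : "keep  ") + suite);
        }
        System.out.println();
        System.out.println("ciphers=\"" + strongSuites(supported) + "\"");
    }
}
```

Run it with the same JVM that runs Tomcat, since the supported suites differ between Java releases and providers.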

