Posted to dev@tomcat.apache.org by bu...@apache.org on 2005/07/17 14:45:47 UTC

DO NOT REPLY [Bug 35765] - make the SSL cipher config in server.xml fail safe, i.e. 128+ bit strength by default

http://issues.apache.org/bugzilla/show_bug.cgi?id=35765


hauser@acm.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|make the SSL cipher config  |make the SSL cipher config
                   |in web.xml fail safe, i.e.  |in server.xml fail safe,
                   |128+ bit strength by default|i.e. 128+ bit strength by
                   |                            |default




------- Additional Comments From hauser@acm.org  2005-07-17 14:45 -------
For JDK 1.5, I guess this could be a list to start with:
// Comma-separated suite names; built by concatenation so that no
// whitespace or line break ends up inside a name.
public static String MEDIUM_HIGH =
      "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_RC4_128_SHA,"
    + "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA,"
    + "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA,"
    + "SSL_DH_anon_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA,"
    + "SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,"
    + "TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,"
    + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,"
    + "TLS_DH_anon_WITH_AES_128_CBC_SHA,TLS_DH_anon_WITH_AES_256_CBC_SHA,"
    + "TLS_KRB5_WITH_3DES_EDE_CBC_MD5,TLS_KRB5_WITH_3DES_EDE_CBC_SHA,"
    + "TLS_KRB5_WITH_RC4_128_MD5,TLS_KRB5_WITH_RC4_128_SHA,"
    + "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA";

Obviously, there should also be a keyword "ALL" that is equal to
   sslProxy.getSupportedCipherSuites()
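
The fail-safe default and the "ALL" keyword discussed in this bug, sketched as an added example that is not Tomcat code and not part of the original message: an empty cipher setting resolves to a filtered subset of the supported suites, and only an explicit "ALL" returns everything. The class name, the resolve() helper and the rejection rules are assumptions of this example; unlike the list in the comment, the filter also drops _anon_ suites, which provide no server authentication.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;

public class CipherKeywordDemo {
    // Assumed rule set: name fragments treated as below the 128-bit bar or unauthenticated.
    // 3DES and RC4_128 pass, as they do in the MEDIUM_HIGH list from the comment.
    private static final String[] REJECT = {"_NULL_", "_EXPORT_", "_anon_", "_DES_", "_RC2_"};

    static boolean isMediumHigh(String suite) {
        for (String marker : REJECT) {
            if (suite.contains(marker)) return false;
        }
        return true;
    }

    // Hypothetical resolver for the configured cipher value; not Tomcat code.
    static String[] resolve(String configured, String[] supported) {
        String value = configured == null ? "" : configured.trim();
        if (value.equals("ALL")) return supported.clone();   // explicit opt-in only
        List<String> out = new ArrayList<String>();
        if (value.isEmpty()) {
            for (String s : supported) if (isMediumHigh(s)) out.add(s);  // fail-safe default
        } else {
            List<String> known = Arrays.asList(supported);
            for (String name : value.split(",")) {
                if (known.contains(name.trim())) out.add(name.trim());
            }
        }
        // Refuse to start with an empty list instead of falling back to something weaker.
        if (out.isEmpty()) throw new IllegalArgumentException("no usable cipher suite: " + value);
        return out.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample of supported suites, so the result is the same on any JVM.
        String[] sample = {"SSL_RSA_WITH_NULL_MD5", "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
            "SSL_RSA_WITH_DES_CBC_SHA", "SSL_DH_anon_WITH_RC4_128_MD5",
            "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"};
        System.out.println("default: " + Arrays.toString(resolve(null, sample)));
        System.out.println("ALL:     " + resolve("ALL", sample).length + " suites");
        // The same resolver applied to what this JVM actually supports.
        String[] jvm = SSLContext.getDefault().getServerSocketFactory().getSupportedCipherSuites();
        System.out.println("JVM: " + resolve(null, jvm).length + " of " + jvm.length + " kept");
    }
}
```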