Posted to dev@tomcat.apache.org by Matej Kafadar <ma...@setcce.org> on 2005/03/09 14:50:54 UTC

tomcat 4.1.x with jdk1.4.2 ssl certificate(4096-key length) support - again

Hello,

I have already sent this question to the user mailing list, but there was no 
response, so I am trying my luck here. I would be happy if some expert, or 
someone who has already solved this problem, could give me an answer or a 
hint about this.

Repeated question:

Is it possible to have Tomcat 4.1.x running with jdk1.4.2 and have SSL 
with client authentication (the client has a certificate issued by a CA 
which has a certificate with a public key length of 4096 bits)?

Java 1.4 doesn't support an RSA key size of 4096 (only to 2084). With 
keytool you aren't able to import a certificate (4096) into cacerts. I 
installed the BouncyCastle provider (which supports 4096 keys). Only when I 
set it to be the default provider did I manage to import the certificate 
(4096) into cacerts. Tomcat doesn't work if the default provider isn't SUN, 
so SSL doesn't work even with smaller keys.

I solved this problem by installing jdk1.5 which doesn't have problems 
with certificate(4096) and TomCat works fine.

But I really want to have jdk1.4 and certificate(4096) support.

Does anybody know how to solve this problem, or how to configure jdk1.4 
to support certificate(4096)?


I'm looking forward to any response.

Thanks


Best regards

	Matej

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Re: tomcat 4.1.x with jdk1.4.2 ssl certificate(4096-key length) support - again

Posted by Matej Kafadar <ma...@setcce.org>.
Bruce, thanks for the response.

I know Java has a problem. Tomcat is here because I would like to have 
Tomcat with SSL (with RSA key 4096 length support).
I installed the unlimited strength JCE and the problem still exists.
Can anyone confirm "does Java 1.4 support 4096 RSA key size or only 2048"?

Best regards

	Matej

Bruce Keats wrote:
> Having looked at this issue just recently, I believe the root cause
> of the problem is the fact that your version of Java 1.4.2 is the exported
> restricted version from SUN.  By going to JDK 1.5, you have
> demonstrated that the problem is not with Tomcat, but with Java itself.
> Check out the section titled "How to Make Applications "Exempt" from
> Cryptographic Restrictions" in "JavaTM Cryptography Extension (JCE)
> Reference Guide"
> 
> http://java.sun.com/j2se/1.4.2/docs/guide/security/jce/JCERefGuide.html
> 
> Bruce


Re: tomcat 4.1.x with jdk1.4.2 ssl certificate(4096-key length) support - again

Posted by Bruce Keats <br...@gmail.com>.
Having looked at this issue just recently, I believe the root cause
of the problem is the fact that your version of Java 1.4.2 is the exported
restricted version from SUN.  By going to JDK 1.5, you have
demonstrated that the problem is not with Tomcat, but with Java itself.
Check out the section titled "How to Make Applications "Exempt" from
Cryptographic Restrictions" in "JavaTM Cryptography Extension (JCE)
Reference Guide"

http://java.sun.com/j2se/1.4.2/docs/guide/security/jce/JCERefGuide.html

Bruce


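
Added example, not part of the thread or of Tomcat: a stand-alone check that can be run on the JRE in question, outside Tomcat, to see which installed security providers can generate, sign with and verify 2048-bit and 4096-bit RSA keys. The class name RsaKeySizeCheck is hypothetical, and the program exercises the RSA primitives only, not the keytool import path described in the first message.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.interfaces.RSAPublicKey;

// Hypothetical diagnostic class (an assumption, not from the thread).
// Written without generics or enhanced for-loops so it compiles on J2SE 1.4.
public class RsaKeySizeCheck {

    // Generates an RSA key pair of the given size with one provider, then
    // signs and verifies a constructed message with it. Returns a result line.
    static String probe(Provider p, int bits) {
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", p);
            kpg.initialize(bits);
            KeyPair kp = kpg.generateKeyPair();
            int actual = ((RSAPublicKey) kp.getPublic()).getModulus().bitLength();

            byte[] msg = "constructed test message".getBytes("UTF-8");
            Signature s = Signature.getInstance("SHA1withRSA", p);
            s.initSign(kp.getPrivate());
            s.update(msg);
            byte[] sig = s.sign();
            s.initVerify(kp.getPublic());
            s.update(msg);
            return (s.verify(sig) ? "OK" : "FAIL (signature did not verify)")
                    + ", modulus " + actual + " bits";
        } catch (Exception e) {
            // Unsupported key size, missing algorithm, policy restriction, ...
            return "FAIL: " + e;
        }
    }

    public static void main(String[] args) {
        int[] sizes = {2048, 4096};
        Provider[] providers = Security.getProviders();
        System.out.println("java.version = " + System.getProperty("java.version"));
        for (int i = 0; i < providers.length; i++) {
            // Skip providers that do not offer RSA key generation at all.
            if (providers[i].getProperty("KeyPairGenerator.RSA") == null) continue;
            for (int j = 0; j < sizes.length; j++) {
                System.out.println(providers[i].getName() + " RSA-" + sizes[j]
                        + ": " + probe(providers[i], sizes[j]));
            }
        }
    }
}
```

Running it once under each JDK and comparing the per-provider lines shows whether a 4096-bit failure comes from the JRE's providers rather than from Tomcat.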