You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Utkarsh Dave <ut...@gmail.com> on 2016/08/17 08:29:11 UTC
A way for user to specify DH parameter to tomcat !
Hi All,
My project is using tomcat 7.0.70, JDK 1.7.0_101 and is based on linux OS
We have been using BIO connectors.
1. I need help to find out how to provide user specified DH parameter to
tomcat.
2. What all ciphers are categorized under modern ciphers ?
Thanks for your time in advance.
-Utkarsh
Re: A way for user to specify DH parameter to tomcat !
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Utkarsh,
On 8/17/16 4:29 AM, Utkarsh Dave wrote:
> Hi All,
>
> My project is using tomcat 7.0.70, JDK 1.7.0_101 and is based on
> linux OS We have been using BIO connectors. 1. I need help to find
> out how to provide user specified DH parameter to tomcat.
I'm not sure you can do this with Tomcat 7. With Tomcat 8, using the
APR connector can use the DH parameters from the certificate file itself
.
https://tomcat.apache.org/tomcat-8.0-doc/config/http.html#SSL_Support
Search for "SSLCertificateFile".
If you are able to use Tomcat 8.5, you can use DH params with any kind
of connector.
https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support_-_
Certificate
Look for "certificateFile".
Note you will need Java 8 to run Tomcat 8.5.
> 2. What all ciphers are categorized under modern ciphers ?
See Violeta's response.
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJXtOGvAAoJEBzwKT+lPKRYEuUP/1K2Zs88uKjBBsKAwBRDX1Zk
WUDbTt7c68VK0ahfU0B21DPDHCLa8sN4Ji8yK9pgYzZAE6JfyKOs6hWhO7IgWh0Z
BODN1ux6yHjEc0sZrvkCyUbG9mzp3AYjB7AhqGd48tRJx0QzAmwLpG5HGYjdH/6B
NyCBxADS7k5EOWYe1MmKQPbtgyO2t3wveV6mCTig6EcSm3v4unFgjgHiRNaSZrRc
bvaKvHhPot1gTqZLCoQ1Rpx3RGUse5rqFta8jHsdHf2Tq8aEkyEGk1jggTFOCb8+
lpKNABfdLtFTC4HKSG8VY8c524bisbaJOmzq7fOsXnOIMN7abczQtmGPoEGc+7Vb
gbcGPPuEh0wcvapZGG4L9iYsTB7EIQMGCHAYuhoDHhbEhvJAu5P8xtSkz9flgcJH
3EmNQVqn9IS5CG1Xj8FW/0o34xl86fkMx2lSBT+vRMXX+HwPO2DTnOQh9aKGS9FI
Ayomb97HBnMpgUUDBLjxcF6aKQ+2/CSi/eVdrIcnPU7qgZq8FBRUwUcZ5Q7/sSAN
xsf1Ez1jW+mMAxyX4wIrizDgEXDwnlnr8JCFZtDAKd0x1umX8ZyLzY0gQkacHWV6
1FVy5y62rILOoe+HgTmxhMDRmmcXGz/1FHPjqA+kYo2bjbU8vFdPetDkDO2Liydf
o+jrnbet4VC4hD43fZVJ
=Fkhf
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: A way for user to specify DH parameter to tomcat !
Posted by Utkarsh Dave <ut...@gmail.com>.
Thanks a lot Chris and Violeta.
On Wed, Aug 17, 2016 at 1:59 PM, Utkarsh Dave <ut...@gmail.com>
wrote:
> Hi All,
>
> My project is using tomcat 7.0.70, JDK 1.7.0_101 and is based on linux OS
> We have been using BIO connectors.
> 1. I need help to find out how to provide user specified DH parameter to
> tomcat.
> 2. What all ciphers are categorized under modern ciphers ?
>
> Thanks for your time in advance.
>
> -Utkarsh
>
Re: A way for user to specify DH parameter to tomcat !
Posted by Utkarsh Dave <ut...@gmail.com>.
Thanks.
By DH I mean "Diffie-Hellman parameters (secure DH-Cipher)".
On Wed, Aug 17, 2016 at 3:31 PM, Violeta Georgieva <vi...@apache.org>
wrote:
> Hi,
>
> 2016-08-17 11:29 GMT+03:00 Utkarsh Dave <ut...@gmail.com>:
> >
> > Hi All,
> >
> > My project is using tomcat 7.0.70, JDK 1.7.0_101 and is based on linux OS
> > We have been using BIO connectors.
> > 1. I need help to find out how to provide user specified DH parameter to
> > tomcat.
> > 2. What all ciphers are categorized under modern ciphers ?
>
> Look at these pages
> http://wiki.apache.org/tomcat/Security/Ciphers
> http://wiki.apache.org/tomcat/HowTo/SSLCiphers
>
> Regards,
> Violeta
>
> >
> > Thanks for your time in advance.
> >
> > -Utkarsh
>
Re: A way for user to specify DH parameter to tomcat !
Posted by Violeta Georgieva <vi...@apache.org>.
Hi,
2016-08-17 11:29 GMT+03:00 Utkarsh Dave <ut...@gmail.com>:
>
> Hi All,
>
> My project is using tomcat 7.0.70, JDK 1.7.0_101 and is based on linux OS
> We have been using BIO connectors.
> 1. I need help to find out how to provide user specified DH parameter to
> tomcat.
> 2. What all ciphers are categorized under modern ciphers ?
Look at these pages
http://wiki.apache.org/tomcat/Security/Ciphers
http://wiki.apache.org/tomcat/HowTo/SSLCiphers
Regards,
Violeta
>
> Thanks for your time in advance.
>
> -Utkarsh
AW: A way for user to specify DH parameter to tomcat !
Posted by "Kreuser, Peter" <pk...@airplus.com>.
Hi Utkarsh
>Von: Utkarsh Dave [mailto:utkarshkdave@gmail.com]
>Gesendet: Donnerstag, 18. August 2016 08:18
>An: Tomcat Users List
>Betreff: Re: A way for user to specify DH parameter to tomcat !
>
>Thanks a lot Chris and Violeta.
>
>On Wed, Aug 17, 2016 at 1:59 PM, Utkarsh Dave <ut...@gmail.com>
>wrote:
>
>> Hi All,
>>
>> My project is using tomcat 7.0.70, JDK 1.7.0_101 and is based on linux OS
>> We have been using BIO connectors.
>> 1. I need help to find out how to provide user specified DH parameter to
>> tomcat.
>> 2. What all ciphers are categorized under modern ciphers ?
>>
>> Thanks for your time in advance.
>>
>> -Utkarsh
>>
You probably won't be able to set a higher DH Key Size than 1024bit on Java 7. With your java version at least the default is 1024bit. With Java 8 you can add the -D option (-Djdk.tls.ephemeralDHKeySize=2048) to the CATALINA_OPTS (in bin/setenv.sh).
Best regards.
Peter
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org