You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2004/06/20 12:55:38 UTC

DO NOT REPLY [Bug 29695] New: - regression in SSL cipher strength

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=29695>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=29695

regression in SSL cipher strength

           Summary: regression in SSL cipher strength
           Product: Tomcat 5
           Version: 5.0.24
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Connector:Coyote
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: hauser@acm.org


4.1.24 through 4.1.27 nicely negotiated AES256 with my recent Mozilla browser.

now that I am on 5.024, I only get AES-128

(irrespective of whether the
className="org.apache.coyote.tomcat5.CoyoteConnector" is present - in the sample
server.xml that attribute is not present, in
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html it is, but either
way, the security is reduced   :(   )

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org