Diffie Hellman

2002-08-01 Thread scieck

Hi,
does Tomcat support the Diffie-Hellman Key Agreement Method, when it is ssl enabled?
If not, is it possible to make Tomcat-ssl use Diffie-Hellman instead of RSA, so that
Tomcat does not need a certificate when started in ssl mode?

many thanks
Andrea

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]




Re: Diffie Hellman

2002-08-01 Thread Pier Fumagalli

[EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

> Hi,
> does Tomcat support the Diffie-Hellman Key Agreement Method, when it is ssl
> enabled?
> If not, is it possible to make Tomcat-ssl use Diffie-Hellman instead of RSA,
> so that Tomcat does not need a certificate when started in ssl mode?

I believe it depends on JSSI to do the cypher negotiation.

Pier






Re: Diffie Hellman

2002-08-01 Thread Eric Rescorla

Pier Fumagalli [EMAIL PROTECTED] writes:

> [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
>
> > Hi,
> > does Tomcat support the Diffie-Hellman Key Agreement Method, when it is ssl
> > enabled?
> > If not, is it possible to make Tomcat-ssl use Diffie-Hellman instead of RSA,
> > so that Tomcat does not need a certificate when started in ssl mode?
>
> I believe it depends on JSSI to do the cypher negotiation.

Both JSSE and PureTLS have support for normal DH. JSSE has support
for anonymous DH but PureTLS does not yet.

That said, you're probably better off using self-signed RSA
certificates since a fair number of SSL/TLS implementations
do not support anonymous DH (e.g. almost no browsers do.)

-Ekr

-- 
[Eric Rescorla   [EMAIL PROTECTED]]
http://www.rtfm.com/
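
Added example, not part of the original thread and not Tomcat or JSSE project code: a small Java audit that asks the local JSSE provider which cipher suites it supports and enables, separating anonymous DH suites (the certificate-free mode asked about above) from DHE suites authenticated by a certificate. It assumes the JSSE standard suite naming, in which anonymous suites contain `_anon_`; the class name `KeyExchangeAudit` is hypothetical.

```java
import javax.net.ssl.SSLContext;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

public class KeyExchangeAudit {

    // JSSE standard names mark unauthenticated key exchange with "_anon_",
    // e.g. TLS_DH_anon_WITH_AES_128_CBC_SHA.
    static boolean isAnonymous(String suite) {
        return suite.contains("_anon_");
    }

    // Ephemeral DH whose parameters are signed with the server's
    // certificate key (RSA, DSS or ECDSA).
    static boolean isAuthenticatedDhe(String suite) {
        return !isAnonymous(suite)
                && (suite.contains("_DHE_") || suite.contains("_ECDHE_"));
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        String[] supported = ctx.getSupportedSSLParameters().getCipherSuites();
        Set<String> enabled = new HashSet<>(
                Arrays.asList(ctx.getDefaultSSLParameters().getCipherSuites()));

        int anonEnabled = 0;
        for (String suite : supported) {
            String kind;
            if (isAnonymous(suite)) {
                kind = "anonymous DH (no certificate, peer not authenticated)";
                if (enabled.contains(suite)) {
                    anonEnabled++;
                }
            } else if (isAuthenticatedDhe(suite)) {
                kind = "DHE with certificate";
            } else {
                continue; // static RSA, TLS 1.3 and other suites are not the topic here
            }
            String state = enabled.contains(suite) ? "enabled" : "supported only";
            System.out.printf("%-50s %-15s %s%n", suite, state, kind);
        }

        System.out.println("Anonymous suites enabled by default: " + anonEnabled);
        // A non-zero exit makes this usable as a configuration check.
        System.exit(anonEnabled == 0 ? 0 : 1);
    }
}
```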
