Pier Fumagalli <[EMAIL PROTECTED]> writes:

> "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
> 
> > Hi,
> > does Tomcat support the Diffie-Hellman Key Agreement Method when it is ssl
> > enabled?
> > If not, is it possible to make Tomcat-ssl use Diffie-Hellman instead of RSA,
> > so that Tomcat does not need a certificate when started in ssl mode?
> 
> I believe it depends on JSSE to do the cipher negotiation.

Both JSSE and PureTLS have support for normal DH. JSSE has support
for anonymous DH but PureTLS does not yet.

That said, you're probably better off using self-signed RSA
certificates since a fair number of SSL/TLS implementations
do not support anonymous DH (e.g. almost no browsers do.)

-Ekr

-- 
[Eric Rescorla                                   [EMAIL PROTECTED]]
                http://www.rtfm.com/
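
Added example, not part of the original thread: a small JSSE check that separates anonymous (unauthenticated) cipher suites from certificate-authenticated ones, so an administrator can confirm that no anonymous DH suite is enabled by default on the JVM that runs Tomcat. The class name `AnonSuiteAudit` and the sample suite list are constructed for illustration; matching on `_anon_` relies on the standard JSSE suite naming.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import java.util.ArrayList;
import java.util.List;

public class AnonSuiteAudit {

    // JSSE marks key exchanges without server authentication with "_anon_",
    // e.g. TLS_DH_anon_WITH_AES_128_CBC_SHA.
    static boolean isAnonymous(String suite) {
        return suite.contains("_anon_");
    }

    static List<String> anonymousOnly(String[] suites) {
        List<String> out = new ArrayList<>();
        for (String s : suites) {
            if (isAnonymous(s)) {
                out.add(s);
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample, so the classification is visible even on a
        // JDK where anonymous suites are not available at all.
        String[] sample = {
            "TLS_DH_anon_WITH_AES_128_CBC_SHA",
            "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
        };
        System.out.println("sample, anonymous only: " + anonymousOnly(sample));

        // What this JVM's default JSSE provider offers and what it enables.
        SSLContext ctx = SSLContext.getDefault();
        SSLParameters supported = ctx.getSupportedSSLParameters();
        SSLParameters enabled = ctx.getDefaultSSLParameters();

        List<String> anonSupported = anonymousOnly(supported.getCipherSuites());
        List<String> anonEnabled = anonymousOnly(enabled.getCipherSuites());

        System.out.println("anonymous suites supported: " + anonSupported);
        System.out.println("anonymous suites enabled by default: " + anonEnabled);
        if (!anonEnabled.isEmpty()) {
            // Anonymous DH gives no server authentication, so an active
            // man-in-the-middle is not detected by the handshake.
            System.out.println("WARNING: unauthenticated suites are enabled");
        }
    }
}
```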
