Also how can i restrict cipher in the connector ?? Testing localhost:8443 ** TLSv1:EXP-ADH-RC4-MD5 - ENABLED - WEAK 40 bits ** ** TLSv1:ADH-AES128-SHA - ENABLED - WEAK 128 bits ** ** TLSv1:EXP-ADH-DES-CBC-SHA - ENABLED - WEAK 40 bits ** ** TLSv1:ADH-AES256-SHA - ENABLED - WEAK 256 bits ** ** TLSv1:ADH-DES-CBC3-SHA - ENABLED - WEAK 168 bits ** ** TLSv1:ADH-DES-CBC-SHA - ENABLED - WEAK 56 bits ** ** TLSv1:ADH-RC4-MD5 - ENABLED - WEAK 128 bits ** ** SSLv3:EXP-ADH-RC4-MD5 - ENABLED - WEAK 40 bits ** ** SSLv3:ADH-AES128-SHA - ENABLED - WEAK 128 bits ** ** SSLv3:EXP-ADH-DES-CBC-SHA - ENABLED - WEAK 40 bits ** ** SSLv3:ADH-AES256-SHA - ENABLED - WEAK 256 bits ** ** SSLv3:ADH-DES-CBC3-SHA - ENABLED - WEAK 168 bits ** ** SSLv3:ADH-DES-CBC-SHA - ENABLED - WEAK 56 bits ** ** SSLv3:ADH-RC4-MD5 - ENABLED - WEAK 128 bits **
On Fri, Jan 3, 2014 at 5:58 AM, Mudassir Aftab <withmudas...@gmail.com>wrote: > How can i test this ? can i test this with Firefox 25 ? > > > Regards, > Mudassir Aftab > > > On Fri, Jan 3, 2014 at 5:41 AM, Mudassir Aftab <withmudas...@gmail.com>wrote: > >> Thanks for keep replying, is there any way to restrict the cipher suite >> in the connector configuration? >> >> >> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5 >> >> >> >> On Fri, Jan 3, 2014 at 5:35 AM, Mudassir Aftab <withmudas...@gmail.com>wrote: >> >>> I have just configured latest version , following is the log >>> >>> Jan 03, 2014 12:33:58 AM org.apache.catalina.core.AprLifecycleListener >>> init >>> INFO: Loaded APR based Apache Tomcat Native library 1.1.29 using APR >>> version 1.5.0. >>> Jan 03, 2014 12:33:58 AM org.apache.catalina.core.AprLifecycleListener >>> init >>> >>> INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters >>> [false], random [true]. >>> Jan 03, 2014 12:33:59 AM org.apache.catalina.core.AprLifecycleListener >>> initializeSSL >>> INFO: OpenSSL successfully initialized (OpenSSL 1.0.1 14 Mar 2012) >>> Jan 03, 2014 12:34:00 AM org.apache.coyote.AbstractProtocol init >>> INFO: Initializing ProtocolHandler ["http-apr-8443"] >>> Jan 03, 2014 12:34:00 AM org.apache.coyote.AbstractProtocol init >>> INFO: Initializing ProtocolHandler ["http-apr-8080"] >>> Jan 03, 2014 12:34:00 AM org.apache.coyote.AbstractProtocol init >>> INFO: Initializing ProtocolHandler ["ajp-apr-8009"] >>> Jan 03, 2014 12:34:00 AM org.apache.catalina.startup.Catalina load >>> INFO: Initialization processed in 3145 ms >>> Jan 03, 2014 12:34:00 AM org.apache.catalina.core.StandardService >>> startInternal >>> INFO: Starting service Catalina >>> Jan 03, 2014 12:34:00 AM org.apache.catalina.core.StandardEngine >>> startInternal >>> INFO: Starting Servlet Engine: Apache Tomcat/7.0.47 >>> Jan 03, 2014 12:34:00 AM org.apache.catalina.startup.HostConfig >>> deployDirectory >>> INFO: Deploying web application directory >>> /opt/tomcat7/webapps/host-manager >>> Jan 03, 2014 12:34:05 AM org.apache.catalina.startup.HostConfig >>> deployDirectory >>> INFO: Deploying web application directory /opt/tomcat7/webapps/docs >>> Jan 03, 2014 12:34:05 AM org.apache.catalina.startup.HostConfig >>> deployDirectory >>> INFO: Deploying web application directory /opt/tomcat7/webapps/manager >>> Jan 03, 2014 12:34:05 AM org.apache.catalina.startup.HostConfig >>> deployDirectory >>> INFO: Deploying web application directory /opt/tomcat7/webapps/ROOT >>> Jan 03, 2014 12:34:05 AM org.apache.catalina.startup.HostConfig >>> deployDirectory >>> INFO: Deploying web application directory /opt/tomcat7/webapps/examples >>> Jan 03, 2014 12:34:07 AM org.apache.coyote.AbstractProtocol start >>> INFO: Starting ProtocolHandler ["http-apr-8443"] >>> Jan 03, 2014 12:34:07 AM org.apache.coyote.AbstractProtocol start >>> INFO: Starting ProtocolHandler ["http-apr-8080"] >>> Jan 03, 2014 12:34:07 AM org.apache.coyote.AbstractProtocol start >>> INFO: Starting ProtocolHandler ["ajp-apr-8009"] >>> Jan 03, 2014 12:34:07 AM org.apache.catalina.startup.Catalina start >>> INFO: Server startup in 7422 ms >>> >>> >>> >>> On Fri, Jan 3, 2014 at 5:31 AM, Christopher Schultz < >>> ch...@christopherschultz.net> wrote: >>> >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA256 >>>> >>>> Mudassir, >>>> >>>> On 1/2/14, 7:21 PM, Mudassir Aftab wrote: >>>> > <Connector port="8443" protocol="HTTP/1.1" maxThreads="200" >>>> > sslProtocol="TLSv1" sslEnabledProtocols="TLSv1.2" >>>> >>>> Setting sslProtocol and sslEnabledProtocols will not affect an >>>> OpenSSL-based connector (which you have configured). As Chuck >>>> previously stated, you need to use different configuration attributes >>>> when using OpenSSL. Please read the documentation for the APR >>>> connector and those configuration attributes that affect the SSL engine. >>>> >>>> You might want to tell us how you are trying to connect, too. Also, >>>> run "openssl ciphers" on your system to see what ciphers are supported >>>> by your OpenSSL, and compare those to the list supported by your >>>> client. Perhaps you have a legitimate mismatch and TLS 1.2 itself >>>> isn't the problem. >>>> >>>> - -chris >>>> -----BEGIN PGP SIGNATURE----- >>>> Version: GnuPG v1 >>>> Comment: GPGTools - http://gpgtools.org >>>> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ >>>> >>>> iQIcBAEBCAAGBQJSxgTjAAoJEBzwKT+lPKRYcYcQAK9VZ5EncegU2zmkArxtf7dO >>>> NvIdSzKW9oyjDngFRc/pSga79Crj1SbnhY/SrwZLCv81MWuSjjgFpIBi/RlFMjpG >>>> ScFBU4NNT5HxGl0+0Eec9qcw93ObTKGPf8SkDjAfvpI2uzNH8DK/lHdqbqAksVGO >>>> dZGdYPAHMx4ssTc6ADKtwaXmbdJW2yo0VNp1t5bsUEJE2BYPnV8kh0djj2fME0zo >>>> B951A6YKyeL37c+zcAHEdbqKS1tmpk7bwuyhsXnmPCdrh6pRcqBuEGWKywCvDPw6 >>>> dopMmAd7ngGcEM4v24L5Fsv7nm2KeZL+BY+pyehxJCnP4EEobw0KtGEvzsMQn+hP >>>> tPQ2mpxEaKIgPxe09soHCYxTM5HqtXdK25pNZBpOcTBWCJH1tz+sA5z6h7ruJNI6 >>>> fVszEZEtCevkvwkP9GYWZ3mhdvHXE1rGtpc4u2/vCJCr0Hbszv0YS6LgQVWAxrQY >>>> b0qJLeYX+MAUGdC0Y3jLT/qes1XeK4wlugfFTP3Q2l6sKo2g7sWt8b2QDc9bKjHV >>>> kAmG1OPEzMe9d3IU6+2IPg0R3Ztdv9u2jUXZMzbmhfrs1B4c0tvRt769GKlxgRpS >>>> FulJgmIamfnHuRIVGUJUc30tr7e3Ozg0TduAuxnXEseb5gPR34k5O2hZO4bvqZpT >>>> HzFL8i8XSzQPIOQTM47s >>>> =xCfN >>>> -----END PGP SIGNATURE----- >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>> For additional commands, e-mail: users-h...@tomcat.apache.org >>>> >>>> >>> >> >