On 26/05/2014, at 6:58 pm, Sverre Moe <sverre....@gmail.com> wrote:

>> Documentation aside, none of these cipher-suites are supported in Oracle
>> Java 7.
> The AES_CBC ciphers I had there are supported in Java 7.
>
> I have already concluded as much regarding the AES_x_GCM. Using Java 8 one
> has access to these higher GCM ciphers, but only very few obscure browsers
> support them. Therefore neither AES_256_GCM nor SHA384 can be used yet.

Latest versions of Firefox and Chrome (and others I suspect) use GCM ciphers (gmail seems to prefer them for example).

> Also because of the JSSE cipher ordering it will always choose
> AES_x_CBC instead over AES_x_GCM if both are in the Connector cipher list.
> See table: Default Enabled Cipher Suites
> http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider
> Same ordering you get from getDefaultCipherSuites();

You don’t have to accept the default ciphers, or ordering. Check the docs for the HTTP connector to see how to configure this.

tim
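
The point about not having to accept the JSSE default order, as an added example that is not part of the original message and is not Tomcat's own code: it reads the default suite list, moves the GCM suites ahead of the CBC ones, and asks the server side to enforce that order. The class name `PreferGcm` and helper `gcmFirst` are hypothetical, and `setUseCipherSuitesOrder` assumes Java 8 or later.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.util.ArrayList;
import java.util.List;

public class PreferGcm {

    // Stable reorder: suites whose name contains "_GCM_" come first, all
    // others follow; each group keeps its original relative order.
    static String[] gcmFirst(String[] suites) {
        List<String> gcm = new ArrayList<>();
        List<String> rest = new ArrayList<>();
        for (String s : suites) {
            if (s.contains("_GCM_")) {
                gcm.add(s);
            } else {
                rest.add(s);
            }
        }
        gcm.addAll(rest);
        return gcm.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();

        // The same list the thread refers to: the JSSE default enabled suites.
        SSLParameters params = ctx.getDefaultSSLParameters();
        String[] defaults = params.getCipherSuites();

        params.setCipherSuites(gcmFirst(defaults));
        // Java 8+: during the handshake the server picks by its own order
        // rather than by the client's preference list.
        params.setUseCipherSuitesOrder(true);

        // Apply to a server-mode engine; an SSLServerSocket accepts the
        // same SSLParameters object through setSSLParameters().
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        engine.setSSLParameters(params);

        System.out.println("Enabled suites, in server preference order:");
        for (String s : engine.getEnabledCipherSuites()) {
            System.out.println("  " + s);
        }
    }
}
```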