On 20/05/2016 12:18, Utkarsh Dave wrote:
> Hi Mark - Thanks.
> SSLHonorCipherOrder, can it be configured on Tomcat ?

There would not have been much point telling you about a configuration
option you could not use would there?

It sounds like you need to spend a few minutes looking over the TLS
configuration options for the APR/native HTTP connector:

http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native

Mark

>
> -thanks
>
> On Fri, May 20, 2016 at 4:42 PM, Mark Thomas <ma...@apache.org> wrote:
>
>> On 20/05/2016 12:04, Jan Dosoudil wrote:
>>> Hi,
>>> do you have Java Cryptography Extension (JCE) Unlimited Strength
>>> Jurisdiction Policy Files installed?
>>
>> Irrelevant. The OP is using APR / OpenSSL.
>>
>> The available ciphers are controlled by the SSLCipherSuite which follows
>> the OpenSSL config rules for ciphers.
>>
>> You can set SSLHonorCipherOrder to enforce the server's preference order
>> if you wish.
>>
>> Mark
>>
>>>
>>> JD
>>>
>>> 2016-05-20 12:50 GMT+02:00 Utkarsh Dave <utkarshkd...@gmail.com>:
>>>
>>>> Sorry, I missed that information in my earlier mail.
>>>> Tomcat - 7.0.69 configured for SSL
>>>> Connector - APR
>>>> Java - jdk1.7.0_101
>>>>
>>>> On Fri, May 20, 2016 at 4:10 PM, Mark Thomas <ma...@apache.org> wrote:
>>>>
>>>>> On 20/05/2016 11:37, Utkarsh Dave wrote:
>>>>>> Hi Users and Tomcat team,
>>>>>>
>>>>>> Port 8443 on my product is configured for Tomcat and accepts inbound
>>>>>> traffic from 3rd parties.
>>>>>> In the TLS handshake, Tomcat chooses TLS_RSA_WITH_AES_256_CBC_SHA over some
>>>>>> of the more secure cipher options offered by the 3rd party. The
>>>>>> 3rd party offers a list of 66 cipher suites that include many
>>>>>> ECDHE and DHE variants. Tomcat configured on my product preferred cipher
>>>>>> suite is AES256-SHA.
>>>>>> Can The tomcat be configured for ECDHE and DHE suites must be
>>>>>> available and preferred?
>>>>>
>>>>> Tomcat version?
>>>>>
>>>>> Connector type?
>>>>>
>>>>> Java version?
>>>>>
>>>>> Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
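
The two settings named in this thread, shown together as an added example that is not part of the original messages: a Tomcat 7 APR/native connector in server.xml with SSLCipherSuite listing ECDHE and DHE suites ahead of AES256-SHA, and SSLHonorCipherOrder enabled. The certificate paths are placeholders and the cipher list is an illustrative OpenSSL cipher string that assumes an RSA certificate.

```xml
<!-- Added example, not from the thread. Tomcat 7 server.xml, APR/native connector.
     Certificate paths are placeholders; the cipher list is an assumption
     (illustrative OpenSSL cipher string for an RSA server certificate). -->

<!-- SSLCipherSuite uses OpenSSL cipher-string syntax and is written here in the
     server's preference order: ECDHE suites first, then DHE, with AES256-SHA
     (TLS_RSA_WITH_AES_256_CBC_SHA) kept last as a fallback for older clients.

     SSLHonorCipherOrder="true" makes the server choose the first entry of its
     own list that the client also offers, instead of following the order in
     which the client sent its suites. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           SSLEnabled="true"
           scheme="https"
           secure="true"
           SSLCertificateFile="/path/to/server.crt"
           SSLCertificateKeyFile="/path/to/server.key"
           SSLHonorCipherOrder="true"
           SSLCipherSuite="ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:AES256-SHA" />
```

Which of these suites the connector can actually negotiate depends on the OpenSSL library that Tomcat Native is linked against. Running `openssl ciphers -v` with the same cipher string on a matching OpenSSL version lists the suites it expands to, in order.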