Roman, > On 21/09/2016 11:22, Román Valoria wrote: > > Before anyone tells me, I cannot upgrade either Tomcat or Java to the > > latest major release. > > > > My setup is running on Windows Server 2008 R2 64-bit OS. > > What configuration have you tried? > > How do you know it didn't work? > > Mark > > > > > On Wed, Sep 21, 2016 at 6:18 PM, Román Valoria <romanvalo...@gmail.com> > > wrote: > > > >> Dear all: > >> > >> I need to configure Tomcat 7.0.65 with Java 6, both 64-bit. > >> > >> I have managed to make it work with update 121 in using the SSL protocol > >> TLS 1.2. > >> > >> Now I need to exert some control over the cipher suites used on that > >> protocol. > >> > >> I am unable to come up with the list of supported cipher suite names to > >> use. > >> > >> Both JRE and JDK are in: > >> > >> https://support.oracle.com/epmos/faces/PatchResultsNDetails?patchId= > >> 9553040 > >> > >> I am using both the Java 6 and 7 documentation to come up with the cipher > >> suite names: > >> > >> Java Cryptography Architecture Sun ProvidersDocumentation > >> <http://docs.oracle.com/javase/6/docs/technotes/guides/security/SunProviders.html> > >> > >> > >> Java PKCS#11 Reference Guide > >> <http://docs.oracle.com/javase/6/docs/technotes/guides/security/p11guide.html#ALG> > >> > >> > >> Standard Algorithm Name Documentation > >> <http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#Cipher> > >> > >> > >> Java Cryptography Architecture Oracle ProvidersDocumentation > >> <http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider> > >> > >> > >> As per the above I even tried downloading the Java Cryptography Extension > >> for Java 6 from: > >> > >> Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy > >> Files 6 > >> <http://www.oracle.com/technetwork/java/embedded/embedded-se/downloads/jce-6-download-429243.html> > >> > >> > >> But that is for 32-bit and failed anyway. > >> > >> Am I missing something? > >> > >> Thanks and regards. > >> > > >
I have had good experiences with SSLInfo.java (https://gist.github.com/MikeN123/8810553). That will provide you with the possible Ciphers in you JRE. Converting a good openssl cipher string to Java syntax can be found on http://blog.bitmelt.com/2013/11/tomcat-ssl-hardening.html Given Java6, you will not have many working options. Most browsers will limit usage of old ciphers. Plus you lose TLS 1.1/1.2. Best regards Peter --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org