-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 James,
On 10/9/17 5:19 PM, Christopher Schultz wrote: > On 10/6/17 6:34 PM, James H. H. Lampert wrote: >> Noting that my connector tag is written using Tomcat 7 connector >> syntax, is there a good example of how to code a ciphers clause >> for that tag? > > Tomcat 8.5+ and 9.0+ can do it... but nobody has written a > command-line tool around that capability. (I could have sworn such > a tool existed already. I guess I'll write one.) Okay, it's in Tomcat 9, now. Grab Tomcat 9 trunk, build it ("ant deploy"), then run: $ output/build/bin/ciphers.sh [cipherspec] where "cipherspec" is an OpenSSL-style cipher suite spec, like: $ output/build/bin/ciphers.sh 'DEFAULT' This gives you the JVM's current default, and dumps-out all of the IANA-style cipher suite names. So if you want to add one cipher suite to the default Java suites, just do this: $ output/build/bin/ciphers.sh 'DEFAULT' and then add this to the end: TLS_RSA_WITH_AES_256_CBC_SHA (Unless TLS_RSA_WITH_AES_256_CBC_SHA is already present in the list.) Note that the "DEFAULT" list has a bunch of junk you don't need. Specifically, you can probably get rid of all of these things with no ill effects, and your configuration will "look" simpler: $ ./bin/ciphers.sh '!PSK:!aNULL:!DSA:!SRP:!DSS:HIGH' Hope that helps, - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlnb9NkdHGNocmlzQGNo cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFisoA//bj9GFzlMaZdPYXHt y2iQIToESUg6Wa8vU5lQscLDfqtXeAIawiXusILz/th1fCu1usy8HeC/5nBINXAQ McbEUSRiq6YitPXDIwXqbOGZS76vxmheFPTst6gHCN6hNOYbFEbejK3cxX8s0Bbg kXtqcrnnN+a+J5UZmFeB3tctQfwsVLyGcvcwzDRTjFCIjrD1CwdEd+Ckk740jCFU HXgEewO6rVnxAx80hP2c9ztsHblNt0KFm4zMtWjxmHTigac1EEA1ZAi5P3nIJu5n 7HIw0jVX3qZHamVHXWSPb7skEZY/wj7Kko8XmJFWS0bbwuaTQJ+Pr8ZJPT145/Tb F0w6PqPqiR9sre7Yvy4v9y/QOqFjujEqMzkTNedRaBEItmzELPkYBBms2b2bkIVj bMptV5FidCthzvJAnQ5efuiG9qYCuHajNEjQM4Mhu0t95yolmh4+yD2yxA4sS35W YPxy24tgY9A2nNpJS+QSWtCzkQBJz+0Uxnw8y3AbW2oRkA649i+9+KppSAqCx7kH QYUSwTD+7aETlVthfANEr5D/MbzJbflhTjXl/bZjuEc2p1tWPxZrqC+E8FwniMLL NYwK4rMDrSZfrgY7mn6uPcTxzEIMTj/KvtaZCFY1GRAlAf16vNVlnCHQzMvlYKGW gtqS2tF9DBurCs65qocxtWLAQwU= =bEIh -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org