Thank you all for the help and responses. We figured out what the problem was. What I did was correct in terms of the attribute setting, the tomcat version used and the JRE version used. However, I did not realize our JRE is running in FIPs mode using RSA BSAFE as the crypto provider. When I tested and ran under standard JRE, then the server cipher suite order was preferred. Now I will have to look into what RSA library is doing here. Probably they are setting that Java API too which could be overwriting our setting in tomcat. Anyways, that's our problem to look into. Thanks again for the timely response and help!
Sent from my iPhone > On Oct 10, 2017, at 10:26 AM, Konstantin Kolinko <knst.koli...@gmail.com> > wrote: > > 2017-10-09 19:31 GMT+03:00 Harish Krishnan <harish....@gmail.com>: >> Hi All, >> >> Need your expert input here. >> Not sure what I am doing wrong, but I cannot get this server preference >> cipher suites feature working. >> >> My setup: >> Latest tomcat 7.x build (which supports useServerCipherSuitesOrder attribute) >> Latest Java 1.8 build. >> >> No matter what value I set to this attribute (true OR false OR undefined >> which is by default), I always see the Clients preference picked. >> As an example, if clients order is ABCDEF, and servers order is DEFABC, no >> matter what value I set to this useServerCipherSuitesOrder attribute, always >> the order selected is ABC... > > It should work when running on Java 8. > > Maybe try debugging > e.g. with breakpoint in org.apache.tomcat.util.compat.Jre8Compat > setUseServerCipherSuitesOrder() > > https://wiki.apache.org/tomcat/FAQ/Developing#Debugging > > Best regards, > Konstantin Kolinko > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
