On 5/31/19, 3:34 AM, bernd.sch...@daimler.com wrote:
You can run a small Java program on your JVM to print out the supported
and default protocols.
Yet, I didn’t find a better way.

e.g. ==> 
https://confluence.atlassian.com/stashkb/list-ciphers-used-by-jvm-679609085.html

If I set the same JAVA_HOME as Tomcat was launched under, and compile and run "Ciphers.java" from the above site, on the customer box, I get:

> Default Cipher
>         SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SH
> *       SSL_DHE_DSS_WITH_AES_128_CBC_SHA
> *       SSL_DHE_DSS_WITH_AES_128_CBC_SHA256
>         SSL_DHE_DSS_WITH_AES_128_GCM_SHA256
> *       SSL_DHE_DSS_WITH_AES_256_CBC_SHA
> *       SSL_DHE_DSS_WITH_AES_256_CBC_SHA256
>         SSL_DHE_DSS_WITH_AES_256_GCM_SHA384
>         SSL_DHE_DSS_WITH_DES_CBC_SHA
>         SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
> *       SSL_DHE_RSA_WITH_AES_128_CBC_SHA
> *       SSL_DHE_RSA_WITH_AES_128_CBC_SHA256
>         SSL_DHE_RSA_WITH_AES_128_GCM_SHA256
> *       SSL_DHE_RSA_WITH_AES_256_CBC_SHA
> *       SSL_DHE_RSA_WITH_AES_256_CBC_SHA256
>         SSL_DHE_RSA_WITH_AES_256_GCM_SHA384
>         SSL_DHE_RSA_WITH_DES_CBC_SHA
>         SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
>         SSL_DH_anon_WITH_AES_128_CBC_SHA
>         SSL_DH_anon_WITH_AES_128_CBC_SHA256
>         SSL_DH_anon_WITH_AES_128_GCM_SHA256
>         SSL_DH_anon_WITH_AES_256_CBC_SHA
>         SSL_DH_anon_WITH_AES_256_CBC_SHA256
>         SSL_DH_anon_WITH_AES_256_GCM_SHA384
>         SSL_DH_anon_WITH_DES_CBC_SHA
> *       SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
> *       SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
>         SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
> *       SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
> *       SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
>         SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>         SSL_ECDHE_ECDSA_WITH_NULL_SHA
> *       SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA
> *       SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256
>         SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256
> *       SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA
> *       SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384
>         SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384
>         SSL_ECDHE_RSA_WITH_NULL_SHA
> *       SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA
> *       SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
>         SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
> *       SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA
> *       SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
>         SSL_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
>         SSL_ECDH_ECDSA_WITH_NULL_SHA
> *       SSL_ECDH_RSA_WITH_AES_128_CBC_SHA
> *       SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256
>         SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256
> *       SSL_ECDH_RSA_WITH_AES_256_CBC_SHA
> *       SSL_ECDH_RSA_WITH_AES_256_CBC_SHA384
>         SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384
>         SSL_ECDH_RSA_WITH_NULL_SHA
>         SSL_ECDH_anon_WITH_AES_128_CBC_SHA
>         SSL_ECDH_anon_WITH_AES_256_CBC_SHA
>         SSL_ECDH_anon_WITH_NULL_SHA
>         SSL_KRB5_EXPORT_WITH_DES_CBC_40_MD5
>         SSL_KRB5_EXPORT_WITH_DES_CBC_40_SHA
>         SSL_KRB5_WITH_DES_CBC_MD5
>         SSL_KRB5_WITH_DES_CBC_SHA
>         SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
>         SSL_RSA_FIPS_WITH_DES_CBC_SHA
> *       SSL_RSA_WITH_AES_128_CBC_SHA
> *       SSL_RSA_WITH_AES_128_CBC_SHA256
>         SSL_RSA_WITH_AES_128_GCM_SHA256
> *       SSL_RSA_WITH_AES_256_CBC_SHA
> *       SSL_RSA_WITH_AES_256_CBC_SHA256
>         SSL_RSA_WITH_AES_256_GCM_SHA384
>         SSL_RSA_WITH_DES_CBC_SHA
>         SSL_RSA_WITH_NULL_MD5
>         SSL_RSA_WITH_NULL_SHA
>         SSL_RSA_WITH_NULL_SHA256
> *       TLS_EMPTY_RENEGOTIATION_INFO_SCSV

FOR COMPARISON PURPOSES, what we get on our box is:
> Default Cipher
> *       SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
> *       SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
> *       SSL_DHE_DSS_WITH_AES_128_CBC_SHA
> *       SSL_DHE_DSS_WITH_AES_256_CBC_SHA
> *       SSL_DHE_DSS_WITH_DES_CBC_SHA
> *       SSL_DHE_DSS_WITH_RC4_128_SHA
> *       SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
> *       SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
> *       SSL_DHE_RSA_WITH_AES_128_CBC_SHA
> *       SSL_DHE_RSA_WITH_AES_256_CBC_SHA
> *       SSL_DHE_RSA_WITH_DES_CBC_SHA
>         SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
>         SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
>         SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
>         SSL_DH_anon_WITH_AES_128_CBC_SHA
>         SSL_DH_anon_WITH_AES_256_CBC_SHA
>         SSL_DH_anon_WITH_DES_CBC_SHA
>         SSL_DH_anon_WITH_RC4_128_MD5
>         SSL_KRB5_EXPORT_WITH_DES_CBC_40_MD5
>         SSL_KRB5_EXPORT_WITH_DES_CBC_40_SHA
>         SSL_KRB5_EXPORT_WITH_RC4_40_MD5
>         SSL_KRB5_EXPORT_WITH_RC4_40_SHA
>         SSL_KRB5_WITH_3DES_EDE_CBC_MD5
>         SSL_KRB5_WITH_3DES_EDE_CBC_SHA
>         SSL_KRB5_WITH_DES_CBC_MD5
>         SSL_KRB5_WITH_DES_CBC_SHA
>         SSL_KRB5_WITH_RC4_128_MD5
>         SSL_KRB5_WITH_RC4_128_SHA
> *       SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
> *       SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
> *       SSL_RSA_EXPORT_WITH_RC4_40_MD5
> *       SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
> *       SSL_RSA_FIPS_WITH_DES_CBC_SHA
> *       SSL_RSA_WITH_3DES_EDE_CBC_SHA
> *       SSL_RSA_WITH_AES_128_CBC_SHA
> *       SSL_RSA_WITH_AES_256_CBC_SHA
> *       SSL_RSA_WITH_DES_CBC_SHA
>         SSL_RSA_WITH_NULL_MD5
>         SSL_RSA_WITH_NULL_SHA
> *       SSL_RSA_WITH_RC4_128_MD5
> *       SSL_RSA_WITH_RC4_128_SHA


--
JHHL
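
As an added example (not the Ciphers.java from the linked page and not code from this thread), the program below prints both the protocols and the cipher suites of whichever JVM runs it, with `*` marking those enabled by default on a server socket, and prints the JVM's identity so the output can be matched to the JAVA_HOME Tomcat was launched under. The class name `TlsDefaults` is an assumption.

```java
import java.util.Arrays;
import java.util.Set;
import java.util.TreeSet;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

// Added example: lists TLS protocols and cipher suites for the JVM that runs it.
// A leading '*' means "enabled by default", as in the listings in this message.
public class TlsDefaults {

    // Print every supported name in sorted order, starring the default ones.
    static void print(String title, String[] defaults, String[] supported) {
        Set<String> enabled = new TreeSet<String>(Arrays.asList(defaults));
        Set<String> all = new TreeSet<String>(Arrays.asList(supported));
        all.addAll(enabled);
        System.out.println(title + " (" + enabled.size() + " default, "
                + all.size() + " supported)");
        for (String name : all) {
            System.out.println((enabled.contains(name) ? "*" : " ") + "       " + name);
        }
    }

    public static void main(String[] args) throws Exception {
        // Show which JVM produced the listing, to compare against Tomcat's JAVA_HOME.
        String[] keys = {"java.home", "java.vendor", "java.version"};
        for (String key : keys) {
            System.out.println(key + " = " + System.getProperty(key));
        }

        SSLServerSocketFactory factory =
                (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        // Unbound server socket: it never listens, it only exposes the defaults.
        SSLServerSocket socket = (SSLServerSocket) factory.createServerSocket();
        try {
            print("Protocols", socket.getEnabledProtocols(),
                    socket.getSupportedProtocols());
            print("Cipher suites", socket.getEnabledCipherSuites(),
                    socket.getSupportedCipherSuites());
        } finally {
            socket.close();
        }
    }
}
```

Compile and run it with the `javac` and `java` found under that JAVA_HOME; the listing reflects the JVM's own defaults, which a Tomcat connector's configuration can restrict further.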

