On 08.06.21 14:10, Emen-Eddine AISSAOUI wrote: > Hello, > > I am contacting you regarding the cipher suite recommandations for TLS and > SSL for Tomcat. > > Could you please tell us which cipher suites are used and necessary and if > there is any particular prequesites regarding TLS and SSL encryption for the > proper functioning of Tomcat ? > > This is an urgent request for a customer feedback.
Are you asking for the Java prerequisites? Bitsize for keys requirement? What do you call "proper functioning" of Tomcat? Because it functions quite properly with any (supported) TLS settings. In general, the recommendations for ciphers are independent of the app server, it's rather a common industry standard (changing over time), but heavily depends on the devices you need to support. Can't go without this rant with regards to your urgency: If you have customers paying /you/ for that information, how much of that money are you willing to share for a quicker answer, /tailored/ to your (customer's) /exact/ needs? Olaf
