All geek questions in one place

Strong SSL with Tomcat 6

I am trying to create a self-signed certificate for use with Apache Tomcat 6. Every certificate I can make always causes the browser to connect to AES-128. The client would like me to demonstrate that I can create an AES-256 connection.

I tried java keytool and openssl. I tried with various parameters, but I can not specify anything about the keys, just the size of the signature.

How can I get a tomcat browser connection with AES-256 with a self-signed certificate?

+3
source share
4 answers

Okie doke, I think I just figured it out.

, , , , 256- AES (, RSA). , , , :

keytool -genkey -alias tomcat -keyalg RSA

, Java AES-256, . OS X (OS 10.5), , , , AES-256 , , , AES-128 Tomcat. (, , TLS_RSA_WITH_AES_256_CBC_SHA - , , JDK 5.)

Java-, , :

import java.util.Arrays;
import javax.net.ssl.SSLSocketFactory;

public class CipherSuites {
  public static void main(String[] args) {
    SSLSocketFactory sslsf = (SSLSocketFactory) SSLSocketFactory.getDefault();
    String[] ciphers = sslsf.getDefaultCipherSuites();
    Arrays.sort(ciphers);
    for (String cipher : ciphers) {
      System.out.println(cipher);
    }
  }
}

, JDK 5, OS X, " ", , Java, , ; ( " " ). , JDK 6 , JDK 6 , , . , README, , , , ... , AES-256 .

, ; Tomcat, SSL, , AES-256.

+12

danivo, AES, - . , , , (, AES). . (PDF) , cert upsell "256-" , , 256- .

, , AES-128, , Tomcat AES-256 ( , , , , ).

+1

SSL- ( - SSL). , . - 256-AES SSL- ? AES-128 - , , -, (: 2 ^ 128 wikipedia), 128- . , , , -, ssh ( , 256- AES 4096- RSA) vpn .

+1

I think you are looking for http://www.sslshopper.com/article-how-to-disable-weak-ciphers-and-ssl-2-in-tomcat.html as well as http://docs.oracle.com /javase/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#AppA

Depending on whether you need good security and compatibility, or PCI certification.

+1
source

Source: https://habr.com/ru/post/1697120/

More articles:


All Articles