StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
93696
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
2
CommunityOwnedDate
CreationDate
2008-09-18T15:40:36.857
FavoriteCount
0
LastActivityDate
2008-09-18T15:40:36.857
LastEditDate
LastEditorUserId
0
OwnerUserId
16414
ParentId
92504
PostTypeId
2
Score
12
ViewCount
0
LastEditorDisplayName
text
Body
Okie doke, I think I just figured this out. As I said above, the key bit of knowledge is that the cert doesn't matter, so long as it's generated with an algorithm that supports AES 256-bit encryption (e.g., RSA). Just to make sure that we're on the same page, for my testing, I generated my self-signed cert using the following: <pre><code>keytool -genkey -alias tomcat -keyalg RSA </code></pre> Now, you have to make sure that your Java implementation on your server supports AES-256, and this is the tricky bit. I did my testing on an OS X (OS 10.5) box, and when I checked to see the list of ciphers that it supported by default, AES-256 was NOT on the list, which is why using that cert I generated above only was creating an AES-128 connection between my browser and Tomcat. (Well, technically, TLS_RSA_WITH_AES_256_CBC_SHA was not on the list -- that's the cipher that you want, according to <a href="http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#AppA" rel="noreferrer">this JDK 5 list</a>.) For completeness, here's the short Java app I created to check my box's supported ciphers: <pre><code>import java.util.Arrays; import javax.net.ssl.SSLSocketFactory; public class CipherSuites { public static void main(String[] args) { SSLSocketFactory sslsf = (SSLSocketFactory) SSLSocketFactory.getDefault(); String[] ciphers = sslsf.getDefaultCipherSuites(); Arrays.sort(ciphers); for (String cipher : ciphers) { System.out.println(cipher); } } } </code></pre> It turns out that JDK 5, which is what this OS X box has installed by default, needs the "Unlimited Strength Jurisdiction Policy Files" installed in order to tell Java that it's OK to use the higher-bit encryption levels; you can <a href="http://java.sun.com/javase/downloads/index_jdk5.jsp" rel="noreferrer">find those files here</a> (scroll down and look at the top of the "Other Downloads" section). I'm not sure offhand if JDK 6 needs the same thing done, but the same policy files for JDK 6 <a href="http://java.sun.com/javase/downloads/index.jsp" rel="noreferrer">are available here</a>, so I assume it does. Unzip that file, read the README to see how to install the files where they belong, and then check your supported ciphers again... I bet AES-256 is now on the list. If it is, you should be golden; just restart Tomcat, connect to your SSL instance, and I bet you'll now see an AES-256 connection.
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POStrong SSL with Tomcat 6
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. This table or related slice is empty.
UserOwnerUserId
1. USdelfuego
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. POStrong SSL with Tomcat 6
 singulars
 PostTypePostTypeId
 PTQuestion
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTAcceptedByOriginator
2. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. COUnlimited Strength Jurisdiction Policy Files must be installed in jdk home folder or just in tomcat/lib folder?
 singulars
 PostPostId
 PO
 UserUserId
 USFabio
2. COThey need to be in your JDK's /lib/security subdirectory (e.g., $JAVA_HOME/lib/security). This information is in the README of the files linked above.
 singulars
 PostPostId
 PO
 UserUserId
 USdelfuego

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.