That depends on you, which provider are you using? The pure Java one has the Java set of providers and the one with I5 in the name uses the OS provided ciphers. That said, I don't believe that Tomcat would offer a cipher that the JSSE provider wasn't providing. There are tools you can use to connect and find out what Tomcat is actually advertising. I seem to recall nmap being able to do that if you are allowed to run that in your environment (I am not.)

Coy Krill
Core Processing Administrator/Analyst
Washington Trust Bank

-----Original Message-----
From: JAVA400-L [mailto:java400-l-bounces@xxxxxxxxxxxx] On Behalf Of James H. H. Lampert
Sent: 2017 October 16 13:36
To: Java Programming on and around the IBM i
Subject: Re: Question about JSSE on Midrange boxes
Importance: Low

On 10/16/17, 12:17 PM, Charles Wilt wrote:
What do you mean, where JSSE "gets its ciphers"?

I should think my meaning should be self-explanatory:

Does JSSE on a Midrange JRE implement its ciphers internally, as with any normal JRE? Or does it somehow defer the implentation to the OS's cipher support?

The reason being that, to rephrase what I said, I have reason to believe that the problem one of our customers experienced was the result of the JRE claiming (to a Tomcat server it was running) that it could support ECDHE ciphers it couldn't actually implement when asked (by a browser) to do so.

Whether there's a way to remedy this within an OS release is irrelevant; the immediate problem was solved by adding a "ciphers" clause to the relevant connection tag in the Tomcat server's server.xml file.

--
JHHL
--
This is the Java Programming on and around the IBM i (JAVA400-L) mailing list To post a message email: JAVA400-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/java400-l
or email: JAVA400-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at https://archive.midrange.com/java400-l.



---------------------------------------------------------------------
This electronic mail message and any attachments may contain confidential or privileged information and is intended for use solely by the above-referenced recipient. Any review, copying, printing, disclosure, distribution, or other use by any other person or entity is strictly prohibited under applicable law. If you are not the named recipient, or believe you have received this message in error, please immediately notify the sender by replying to this message and delete the copy you received

---------------------------------------------------------------------


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.