SSL Question

Questions and Answers on installation, deployment, management, locking, transactions of Servoy Application Server

Re: SSL Question

Post by jcompagner » Thu Mar 08, 2012 10:58 am

That's currently not possible; create a case for that so that you can specify this in a property.
Johan Compagner
Servoy

Re: SSL Question

Post by chico » Thu Mar 08, 2012 1:40 pm

Ok, case is created: https://support.servoy.com/browse/SVY-1724

Hopefully this can be taken care of soon. We appreciate all the help.
--------------------------------------------
Servoy Version: 6.0.3
DB: MySQL 5.1
Win XP/Vista/7 - Java 5u20 / 6u22
OS X - 10.6.5 - Java 5/6 update 3

Re: SSL Question

Post by jcompagner » Fri May 25, 2012 3:09 pm

I think you should already be able to make a configuration that works the way you want.

If you enable the tunnel and configure it in HTTP mode only (so no socket),
then configure Tomcat as described here:

http://www.sslshopper.com/article-how-t ... omcat.html

then you should only have an HTTPS port (that you configured in Tomcat) that has the weak ciphers disabled.
Johan Compagner
Servoy

Re: SSL Question

Post by chico » Wed Aug 15, 2012 7:12 pm

Finally got around to changing our connect mode to http from 2waysocket.

Unfortunately, the speed of our solution was notably slower. So much so that we had to revert back to the 2waysocket.

Should the speed for http be slower? Or was there likely something else we had configured wrong?

Re: SSL Question

Post by jcompagner » Thu Aug 16, 2012 9:45 am

Purely going over the HTTP mode is a bit slower, because it has more overhead.
But we don't really notice it in our own applications.
Did you disable SocketFactory.tunnelUseSSLForHttp? Because otherwise you would have double SSL encryption, which is a bit of a waste (the HTTPS of Tomcat and the tunnel's HTTP SSL encryption).

But in the latest Servoy versions we do now have support for it for the socket portion of http&socket, see this https://support.servoy.com/browse/SVY-1724 or the duplicate
Johan Compagner
Servoy

Re: SSL Question

Post by chico » Thu Aug 16, 2012 3:52 pm

Thanks so much for this information.

So in Servoy 6.0.x, what would the property setting be?

And, does this property setting work in 6.0.6 or just 6.0.7?

Re: SSL Question

Post by jcompagner » Thu Aug 16, 2012 9:47 pm

I explained that in the comment I made in that Jira issue.

The tunnel now supports only allowing certain ciphers.
In 6.0 you can add that as a property in the servoy.properties file under the key: SocketFactory.SSLSupportedSuites
In 6.1 we also added this to the network settings area on the admin page.

So for this to work you have to enable the tunnel mode http&socket or socket; then the socket part will use the specific ciphers that are given as a comma-separated string: SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA

The HTTP part (or if you set the tunnel in HTTP mode only) is handled by Tomcat (see forum post). So for HTTP mode only you don't need this; you only configure the Tomcat configuration.

Only in 6.0.7 and greater.
Johan Compagner
Servoy
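
Added example (not from the thread and not Servoy code): a small audit script that reads the `SocketFactory.SSLSupportedSuites` value from a properties file and reports which configured suites rely on weak primitives. The sample file content is constructed from the suite list quoted above; the function names and the set of weakness markers are this example's own choices.

```python
import re

KEY = "SocketFactory.SSLSupportedSuites"  # property name given in the thread

# Constructed sample file content; the suite list is the one quoted in the thread.
SAMPLE_PROPERTIES = """\
# constructed sample, not a real server file
SocketFactory.SSLSupportedSuites=SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,\\
  TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA
"""

# Name components of JSSE cipher suites that indicate a weak primitive.
WEAK_TOKENS = {
    "RC4": "RC4 stream cipher (prohibited by RFC 7465)",
    "MD5": "MD5-based MAC",
    "DES": "single DES", "DES40": "40-bit DES", "3DES": "64-bit block cipher",
    "NULL": "no encryption", "EXPORT": "export-grade key length",
    "anon": "unauthenticated key exchange",
}

def load_properties(text):
    """Minimal Java .properties reader: comments, '=' or ':' separators, '\\' continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\"):          # value continues on the next line
            pending = line[:-1]
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        props[m.group(1)] = m.group(2)
    return props

def audit_suites(properties_text):
    """Return {suite: [reasons]} in configured order; an empty list means no finding."""
    props = load_properties(properties_text)
    if KEY not in props:
        raise KeyError(f"{KEY} is not set")
    findings = {}
    for suite in filter(None, (s.strip() for s in props[KEY].split(","))):
        tokens = suite.split("_")
        reasons = [why for tok, why in WEAK_TOKENS.items() if tok in tokens]
        if tokens[1:3] == ["RSA", "WITH"]:
            reasons.append("static RSA key exchange, no forward secrecy")
        findings[suite] = reasons
    return findings

def suites_without_findings(findings):
    """Comma-separated value containing only the suites this check did not flag."""
    return ",".join(s for s, reasons in findings.items() if not reasons)

if __name__ == "__main__":
    for suite, reasons in audit_suites(SAMPLE_PROPERTIES).items():
        print(f"{suite}: {'; '.join(reasons) or 'no finding'}")
```

The check works on suite names only; what the JVM and the clients in use actually support still has to be confirmed before changing the property.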