How to use 2048-bit Diffie-Hellman group at geronimo configuration


amlan.geronimo
Hi All,

I am Amlan, working as an Apache Geronimo administrator.

Could you please help me with how I could do the following two things on Apache Geronimo application servers 2.1.4 & 2.1.8:

1. How to disable support for export cipher suites on the Apache Geronimo 2.1.4/2.1.8 application server?

2. How to generate a unique 2048-bit Diffie-Hellman group and use it on Apache Geronimo 2.1.4/2.1.8 within config.xml?

In my config.xml file I see TLS defined in two locations:

1...

<gbean name="TomcatWebSSLConnector">
    <attribute name="host">${ServerHostname}</attribute>
    <attribute name="port">${HTTPSPort + PortOffset}</attribute>
    <attribute name="maxHttpHeaderSize">8192</attribute>
    <attribute name="maxThreads">150</attribute>
    <attribute name="minSpareThreads">25</attribute>
    <attribute name="maxSpareThreads">75</attribute>
    <attribute name="enableLookups">false</attribute>
    <attribute name="acceptCount">100</attribute>
    <attribute name="disableUploadTimeout">false</attribute>
    <attribute name="clientAuth">false</attribute>
    <attribute name="algorithm">Default</attribute>
    <attribute name="sslProtocol">TLS</attribute>
    <attribute name="keystoreFile">var/security/keystores/geronimo-default</attribute>
    <attribute name="keystorePass">{Simple}djgsfcjefdkcgh</attribute>
    <attribute name="keystoreType">JKS</attribute>
</gbean>

2...

<gbean name="JMXSecureConnector">
    <attribute name="protocol">rmi</attribute>
    <attribute name="host">${ServerHostname}</attribute>
    <attribute name="port">${JMXSecurePort + PortOffset}</attribute>
    <attribute name="urlPath">/jndi/rmi://${ServerHostname}:${NamingPort + PortOffset}/JMXSecureConnector</attribute>
    <attribute name="algorithm">Default</attribute>
    <attribute name="secureProtocol">TLS</attribute>
    <attribute name="keyStore">geronimo-default</attribute>
    <attribute name="keyAlias">geronimo</attribute>
    <attribute name="trustStore">geronimo-default</attribute>
    <attribute name="clientAuth">false</attribute>
</gbean>


Regards,

Amlan
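
An added example, not part of the original post and not Geronimo project code: a Python check that reads gbean entries like the two quoted in the post and reports, for each one that declares a TLS protocol, whether a cipher list is set and whether it names any export-grade suite. The `ciphers` attribute name is an assumption borrowed from Tomcat's connector configuration, and the sample XML is constructed from the post's snippets with a wrapper element added.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two gbeans from the post (trimmed), wrapped in a
# root element so the fragment parses as one document.
SAMPLE = """<config>
  <gbean name="TomcatWebSSLConnector">
    <attribute name="clientAuth">false</attribute>
    <attribute name="sslProtocol">TLS</attribute>
  </gbean>
  <gbean name="JMXSecureConnector">
    <attribute name="secureProtocol">TLS</attribute>
    <attribute name="clientAuth">false</attribute>
  </gbean>
</config>"""

PROTOCOL_ATTRS = ("sslProtocol", "secureProtocol")  # names used in the post
CIPHER_ATTR = "ciphers"  # assumption: Tomcat-style comma-separated suite list


def local(tag):
    """Strip an XML namespace prefix such as '{uri}gbean' -> 'gbean'."""
    return tag.rsplit("}", 1)[-1]


def audit_connectors(xml_text, cipher_attr=CIPHER_ATTR):
    """Return one finding per gbean that declares a TLS protocol attribute."""
    findings = []
    for gbean in (e for e in ET.fromstring(xml_text).iter() if local(e.tag) == "gbean"):
        attrs = {a.get("name"): (a.text or "").strip()
                 for a in gbean if local(a.tag) == "attribute"}
        protocol = next((attrs[p] for p in PROTOCOL_ATTRS if p in attrs), None)
        if protocol is None:
            continue  # gbean does not configure TLS
        suites = [s.strip() for s in attrs.get(cipher_attr, "").split(",") if s.strip()]
        findings.append({
            "gbean": gbean.get("name"),
            "protocol": protocol,
            "cipher_list_set": bool(suites),
            # JSSE names export-grade suites with the token EXPORT
            "export_suites": [s for s in suites if "EXPORT" in s.upper()],
        })
    return findings


if __name__ == "__main__":
    for f in audit_connectors(SAMPLE):
        print(f["gbean"], f["protocol"], f["cipher_list_set"], f["export_suites"])
```

Both connectors in the sample come back with `cipher_list_set` false, which is the state shown in the post: a protocol is named but no suite restriction is configured.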