If you use Tomcat to run Java apps such as Atlassian Confluence (the page you're looking at now), JIRA, etc., via HTTPS, you might have noticed that your app does not support any 256-bit ciphers. It does, however, support 128- and 168-bit ciphers, as well as the lame 40- and 56-bit ciphers. The sslscan tool confirms this and reports:

Accepted  SSLv3  128 bits  DHE-RSA-AES128-SHA 
Accepted  SSLv3  128 bits  AES128-SHA
Accepted  SSLv3  168 bits  EDH-RSA-DES-CBC3-SHA
Accepted  SSLv3  56 bits   EDH-RSA-DES-CBC-SHA
Accepted  SSLv3  40 bits   EXP-EDH-RSA-DES-CBC-SHA
Accepted  SSLv3  168 bits  DES-CBC3-SHA
Accepted  SSLv3  56 bits   DES-CBC-SHA
Accepted  SSLv3  40 bits   EXP-DES-CBC-SHA
Accepted  SSLv3  128 bits  RC4-SHA
Accepted  SSLv3  128 bits  RC4-MD5
Accepted  SSLv3  40 bits   EXP-RC4-MD5
Accepted  TLSv1  128 bits  DHE-RSA-AES128-SHA
Accepted  TLSv1  128 bits  AES128-SHA
Accepted  TLSv1  168 bits  EDH-RSA-DES-CBC3-SHA
Accepted  TLSv1  56 bits   EDH-RSA-DES-CBC-SHA
Accepted  TLSv1  40 bits   EXP-EDH-RSA-DES-CBC-SHA
Accepted  TLSv1  168 bits  DES-CBC3-SHA
Accepted  TLSv1  56 bits   DES-CBC-SHA
Accepted  TLSv1  40 bits   EXP-DES-CBC-SHA
Accepted  TLSv1  128 bits  RC4-SHA
Accepted  TLSv1  128 bits  RC4-MD5
Accepted  TLSv1  40 bits   EXP-RC4-MD5
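
As an added example (not part of the original page), the following Python script parses sslscan output in the format shown above and reports, per protocol, the largest accepted key size, whether any 256-bit cipher was accepted, and which accepted ciphers fall below 128 bits. The `audit` function, its `min_bits` threshold and the final `Rejected` sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# TLSv1 lines copied from the sslscan output above; the final "Rejected"
# line is constructed to show that non-accepted results are ignored.
SAMPLE = """\
Accepted  TLSv1  128 bits  DHE-RSA-AES128-SHA
Accepted  TLSv1  128 bits  AES128-SHA
Accepted  TLSv1  168 bits  EDH-RSA-DES-CBC3-SHA
Accepted  TLSv1  56 bits   EDH-RSA-DES-CBC-SHA
Accepted  TLSv1  40 bits   EXP-EDH-RSA-DES-CBC-SHA
Accepted  TLSv1  168 bits  DES-CBC3-SHA
Accepted  TLSv1  56 bits   DES-CBC-SHA
Accepted  TLSv1  40 bits   EXP-DES-CBC-SHA
Accepted  TLSv1  128 bits  RC4-SHA
Accepted  TLSv1  128 bits  RC4-MD5
Accepted  TLSv1  40 bits   EXP-RC4-MD5
Rejected  TLSv1  256 bits  AES256-SHA
"""

# One result line: status, protocol, key size in bits, cipher name.
LINE = re.compile(r"^\s*Accepted\s+(\S+)\s+(\d+)\s+bits\s+(\S+)\s*$")

def audit(scan_text, min_bits=128):
    """Summarise accepted ciphers per protocol from sslscan text output."""
    per_proto = defaultdict(list)
    for line in scan_text.splitlines():
        m = LINE.match(line)
        if m:  # anything that is not an "Accepted" result line is skipped
            proto, bits, name = m.group(1), int(m.group(2)), m.group(3)
            per_proto[proto].append((bits, name))
    report = {}
    for proto, ciphers in per_proto.items():
        report[proto] = {
            "max_bits": max(b for b, _ in ciphers),
            "has_256": any(b >= 256 for b, _ in ciphers),
            # Accepted ciphers below min_bits, weakest first.
            "weak": sorted((b, n) for b, n in ciphers if b < min_bits),
        }
    return report

if __name__ == "__main__":
    for proto, r in audit(SAMPLE).items():
        print(f"{proto}: max {r['max_bits']} bits, 256-bit accepted: {r['has_256']}")
        for bits, name in r["weak"]:
            print(f"  weak: {name} ({bits} bits)")
```

Run against a saved scan of your own server, a `has_256` value of `False` together with a non-empty `weak` list reproduces the situation described here.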

So what's the problem here?

The issue here lies in the so-called policy files of JDK6. According to Sun:

...