Please let me know how can I disable weak Ciphers for Tomcat 5.5.27
Asked
Active
Viewed 5,928 times
0
-
http://www.techstacks.com/howto/secure-ssl-in-tomcat.html will let you know. – Daniel Oct 11 '12 at 23:38
-
Checkout this [Disabling Weak Ciphers in Tomcat 5](http://java-interview-faqs.blogspot.com/2009/02/tomcat-best-practices-securing-ssl-by.html) – Nov 01 '09 at 08:04
1 Answers
2
See the ciphers attribute in the HTTP connector definition: http://tomcat.apache.org/tomcat-5.5-doc/config/http.html
Alternatively if you're using APR, see the SSLCipherSuite directive as documented in the SSL connector configuration as documented here: http://tomcat.apache.org/tomcat-5.5-doc/apr.html.
Note that OpenSSL ciphersuite names aren't quite the same as the j2se ciphersuite names. The Java ciphers are documented at: http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#SunJSSE. For APR, the command openssl ciphers will give you a list of all available OpenSSL ciphers on your system.
Martin Carpenter
- 5,893
- 1
- 28
- 32