How to disable weak ciphers in Tomcat?

To disable weak ciphers, set the ciphers attribute on the SSL Connector element in server.xml to the following list:

ciphers="SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"

Example:

<!-- Set the port attribute (not shown here) to match your existing SSL Connector. -->
<Connector
maxHttpHeaderSize="8192"
address="192.168.1.1"
enableLookups="false"
disableUploadTimeout="true"
acceptCount="100"
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="SSL"
ciphers="SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
keystoreFile="SomeDir/SomeFile.key"
keystorePass="Poodle"
truststoreFile="SomeDir/SomeFile.truststore"
truststorePass="HomeRun"/>
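
To check an existing server.xml after making this change, the following added example (not part of the original article) audits the ciphers attribute of every TLS Connector and reports suites whose names mark them as weak, including the RC4 suite, which RFC 7465 prohibits in TLS, and the 3DES suites in the list above. The weak-suite markers, the sample file and its port numbers are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET

# Name fragments that mark a JSSE suite as weak (policy assumed for this example).
WEAK_MARKERS = {
    "_RC4_": "RC4 (prohibited in TLS by RFC 7465)",
    "_3DES_": "3DES (64-bit block cipher)",
    "_DES_": "single DES",
    "_NULL_": "no encryption",
    "_EXPORT_": "export-grade key length",
    "_anon_": "unauthenticated key exchange",
    "_MD5": "MD5 MAC",
}

# Constructed server.xml fragment; ports and layout are sample values.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" scheme="https" secure="true" sslProtocol="SSL"
             ciphers="SSL_RSA_WITH_RC4_128_SHA,
                      TLS_RSA_WITH_AES_128_CBC_SHA,
                      TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                      SSL_RSA_WITH_3DES_EDE_CBC_SHA"/>
  <Connector port="9443" scheme="https" secure="true"/>
</Service></Server>"""

def split_suites(value):
    """Split a ciphers value; the attribute may span several lines."""
    return [s for s in re.split(r"[\s,]+", value) if s]

def weak_reasons(suite):
    """Return every reason a suite name is considered weak (empty if none)."""
    return [why for marker, why in WEAK_MARKERS.items() if marker in suite]

def audit_server_xml(xml_text):
    """Return (port, suite, reason) for each finding on a TLS Connector."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        # Assumption: a Connector is TLS if secure or SSLEnabled is "true".
        if "true" not in (conn.get("secure"), conn.get("SSLEnabled")):
            continue
        port = conn.get("port", "?")
        ciphers = conn.get("ciphers")
        if ciphers is None:
            findings.append((port, None, "no ciphers attribute, defaults apply"))
            continue
        for suite in split_suites(ciphers):
            findings.extend((port, suite, why) for why in weak_reasons(suite))
    return findings

if __name__ == "__main__":
    for port, suite, why in audit_server_xml(SAMPLE):
        print(f"port {port}: {suite or '(none)'} -> {why}")
```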





















