Knowledgebase

How to disable weak ciphers in Tomcat?  Print this Article

In order to disable weak ciphers, please modify your SSL Connector, container attribute inside server.xml with the following information:

ciphers="SSL_RSA_WITH_RC4_128_SHA,

TLS_RSA_WITH_AES_128_CBC_SHA,

TLS_DHE_RSA_WITH_AES_128_CBC_SHA,

TLS_DHE_DSS_WITH_AES_128_CBC_SHA,

SSL_RSA_WITH_3DES_EDE_CBC_SHA,

SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,

SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"















Example:

maxHttpHeaderSize="8192"
address="192.168.1.1"
enableLookups="false"
disableUploadTimeout="true"
acceptCount="100"
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="SSL"
ciphers="SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
keystoreFile="SomeDir/SomeFile.key"
keystorePass="Poodle"
truststoreFile="SomeDir/SomeFile.truststore"
truststorePass="HomeRun"/>






















Was this answer helpful?

Related Articles

Java Keytool: commands
Deleting a certificate:  keytool -delete -alias aliasname List all of the...
How do I make my own bundle file from CRT files?
You may do this using you favorite text editor or by using the command line.Example: #...
Convert certificates formats (PEM/P7B/PFX/DER)
You can change certificate format using OpenSSL commands or SSL Converter tool. The...
Changing .crt file into the .cer format
Double-click on the yourwebsite.crt file to open it into the certificate display. In a new...
Converting .pfx file for use with Apache
Run the following command with open SSL:  openssl pkcs12 -in mypfxfile.pfx -out...