tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From reyus1 <rey...@gmail.com>
Subject Disable Low stregth encryption in Tomcat 4.1.30
Date Wed, 08 Feb 2006 05:35:08 GMT
Hi All,

I am using Tomcat 4.1.30 stand-alone with j2re1.4.2_04 to serve HTTPS
connections. I would like to disable the support for low encryption ciphers
like SSL_RSA_EXPORT_WITH_RC4_40_MD5. I have seen from the following page
that these are the supported ciphers:

http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html

I would only like to maintain support for Medium and High encryption ciphers
which range with a strength of => 128.

I looked at the attributes that Tomcat 4.1 uses and it doesn't have the
"cipher" attribute which I could use to force the encryption suite to use.
I am not looking to upgrade my Tomcat anytime soon.

Any ideas would be greatly appreciated. Feel free to correct me if I am also
taking the wrong way of solving this problem. Main goal here is to disable
the support for any Low Encryption on the Tomcat server. This is for added
security.

Regards,

reyus1

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message