tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Naqvi Zahid - znaqvi" <Zahid.Na...@acxiom.com>
Subject how do I block weak ciphers on Tomcat 4.1.31
Date Tue, 13 May 2008 16:04:08 GMT
I have extensively searched the web, but I can't find a definitive
answer on this. Here's the situation.

 

I have tomcat 4.1.31 with Java(TM) 2 Runtime Environment, Standard
Edition (build 1.5.0_15-b04), running on a Solaris 8 box. Due to custom
production apps we can not upgrade tomcat at this time (the transition
to tomcat 6 is in progress but not yet completed). Our security scanner
is reporting the following weak ciphers on the port we use for tomcat.

EXP-DES-CBC-SHA Weak Security

EXP-RC4-MD5 Weak Security

DES-CBC-SHA Weak Security

 

The list of ciphers I have configured in servers.xml is

 

ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_W
ITH_3DES_EDE_CBC_SHA"

 

as you can see none of the weak ciphers detected by the scanner are
listed in the servers.xml. The question is how do I block these weak
ciphers and is it possible that an application other than tomcat might
be providing/serving these ciphers (such as a java certificate etc.) on
the port used by tomcat.

 

 

Thanks for any help you can provide.

Zahid

*************************************************************************
The information contained in this communication is confidential, is
intended only for the use of the recipient named above, and may be
legally privileged.

If the reader of this message is not the intended recipient, you are 
hereby notified that any dissemination, distribution or copying of this
communication is strictly prohibited.

If you have received this communication in error, please resend this
communication to the sender and delete the original message or any copy
of it from your computer system.

Thank you.
*************************************************************************

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message