tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: How disable the Weak Cipher like TLS_DHE on APACHE 9.0.6
Date Wed, 25 Apr 2018 16:41:29 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Pierre,

On 4/25/18 12:16 PM, Pierre Chiu wrote:
> Hi Alexandre,
> 
> This is what I am doing. A+ on SSLabs.
> 
> https://orclcs.blogspot.ca/2017/03/tomcat-9-java-8-with-https.html 
> <https://orclcs.blogspot.ca/2017/03/tomcat-9-java-8-with-https.html>

The
>
> 
A+ is coming from your use of HSTS. If you had not enabled HSTS,
you wouldn't get the A+.

Note that SSLLabs considers some of your cipher suites as "weak" (e.g.
 TLS_RSA_WITH_AES_256_GCM_SHA384) and yet you still get an A+ rating.

Those ratings are quite subjective as you can see.

Thanks,
- -chris

>> On Apr 25, 2018, at 11:06 AM, Alexandre Adao
>> <alexadao@gmail.com> wrote:
>> 
>> I am currently running Apache Tomcat 9.0.6. I would like to 
>> disable the Weak Cipher like TLS_DHE or what will be the best 
>> Cipher type to get "A" from SSlabs test.
>> 
>> 
>> the SSLImplementation selected. JSSE style configuration is used
>>  below. -->
>> 
>> <Connector port="443" 
>> protocol="org.apache.coyote.http11.Http11NioProtocol" 
>> maxThreads="150" SSLEnabled="true"> <SSLHostConfig> <Certificate 
>> certificateKeyFile="conf/xxx.key" certificateFile="conf/xxx.crt"
>>  certificateChainFile="conf/ixxxxxx-bundle" type="RSA" /> 
>> </SSLHostConfig>
> 
> 
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlrgr7gACgkQHPApP6U8
pFiI6RAAjU4mJhOdWRoCLu2L6GTtKnUlWrqo15sVs/xAJgoRuN7SKsZtsaM8cTzh
NOz2+vQs0XHtEH98xuXStqdejLp5iQxCBwY4bqnkRzqimjtJrjkUnwEqQ9TAO5na
OL9m4F6a+LCLb9RjyE9c4tD09RbV8L4y7KI2VOuOoH2PO2gGmeeEN4IFY3navpf3
8b5l979POGuNP1fa2sCfvpqC8kCiMyvjtPORuuHJd40gxB5WqD9D5WfNbCrAufT0
dyyj5JeCFR2MX8WT1vJdtMRCMV77Bn4NvKcso3Raqw4JwYaw/Oxu20fpgIrqf3zG
igMmcu3CPJg3tX0uNOrMulEBAVcKWtgASPolpprgOiRI+lWqIiXA/L7zHWUDVMZT
pLZj9CuHi3ZwbDlc3IqLW1ED4uv6IqyZQCERiWN0wTcYm11ver2uthdsxqcqFYNZ
ob0QvFC2qTrzjsosTTpP08ISHdeLWpJBgd+48KzBpy/rOqTibDA/eVt9hf3XoHH0
J8UuXlJ7JCjraQoYe0lNsZFiql9SpjNNzjpvthpPTirfbrnVevffqUJdypRtUvFp
xuZzrxQh3dvN1nJ6HL1Ua3Yrv6u5mk2EqAg5Y/qxKiHmfeus7MCy+sVcuexUhbVD
zQnzZKbES20gITwYwUQ6ioTbl+lunTaNB4rf0RTTgkecm/q1/vg=
=As6K
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message