tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: How disable the Weak Cipher like TLS_DHE on APACHE 9.0.6
Date Wed, 25 Apr 2018 16:10:12 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Alexandre,

On 4/25/18 11:06 AM, Alexandre Adao wrote:
> I am currently running Apache Tomcat 9.0.6. I would like to disable
> the Weak Cipher like TLS_DHE or what will be the best Cipher type
> to get "A" from SSlabs test.
> 
> 
> the SSLImplementation selected. JSSE style configuration is used 
> below. -->
> 
> <Connector port="443" 
> protocol="org.apache.coyote.http11.Http11NioProtocol" 
> maxThreads="150" SSLEnabled="true"> <SSLHostConfig> <Certificate
> certificateKeyFile="conf/xxx.key" certificateFile="conf/xxx.crt" 
> certificateChainFile="conf/ixxxxxx-bundle" type="RSA" /> 
> </SSLHostConfig>

Have a look at this page on the Wiki:
https://wiki.apache.org/tomcat/Security/Ciphers

It looks like that page could use some updating with the most-recent
versions of Tomcat/Java.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlrgqGQACgkQHPApP6U8
pFjacA//RSI31Pc9nEq8HVeAFfDgX9k5/jc/WdJL9B8OHP8AFNYajkEqWVeqQ2Um
MamvJ/Hvia/Ixy7Mlwfm27+NhedYi0ZSThsLArZh5C3LTeUjCTg1tT2WQkvJBVUp
njDHKVCELX1hoO8CngsGWuK14bEjGqsauSm+HoamQ/4zo365afpQAgaBSGiu80i2
kgMXGoLCVl8N755tBYLuS3tsTj4RerXjXQlg6QLnrIRCl2WMveI2NttHuD8fDdhE
FHeQU12wm4m0CzWk4XhJ28JNA064rYRtqi9sklPQpEWg2SVubVgdRYYuLek2z8yv
bmbyGo7RZU/Lf/uKAhfjeoD1g+wxZln2TOZVf+j33CKVhBeIVTPLZlOKYxYiz24f
e8cDvsn0974YaoHXwaVqbhSsUUeerLrt+vzZwbfTbC8/+dvdwZM4x42+rYyjBEqU
CeZ7M7Jh5iwht7zJ3DBpXFQSoms8fGtU0vFHU/yIeR/a1/wWxbGJTsKpYbXX+s5E
aWebMnvnGwhRNtYQ/FsDP9BvXcIy/eNIyxubJ45nY4MWNo+CQPm9UkXvQRgMewuK
Uy19EKVZfudb33EDlejSYLiyyYKj+W0Nn6GWpvUrRgcQPXQCo5ZsD6JwDKG2orCe
RXnIJmZnoZkJkDpledx1Uujbt5HSmYHV09bMfUCTPJipOvpsmBw=
=bA7P
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message