
January 24, 2013

Enumerate protocols and ciphers for Tomcat

By default, Tomcat instances configured for SSL will accept pretty much any secured cipher, which, obviously, is not always optimal. Use the following method to ensure AES 128 or AES 256.

First, ensure that a protocol is specified within the connector block, for example:
sslProtocol="TLS"

Next, add your cipher specifications:
ciphers="TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA"

Finally, restart Tomcat. You should have enforced AES 128/256.
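
To check the result across every connector before restarting, here is a small audit script. It is an added example, not part of the original post: it assumes SSL connectors are marked with SSLEnabled="true", and the sample server.xml fragment and its port numbers are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Suites this page allows: any key exchange, AES 128 or AES 256 only.
AES_SUITE = re.compile(r"^TLS_[A-Z0-9_]+_WITH_AES_(128|256)_[A-Z0-9_]+$")

# Constructed sample server.xml fragment (ports and layout are made up).
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               sslProtocol="TLS"
               ciphers="TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
                        TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
                        TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
                        TLS_DHE_RSA_WITH_AES_128_CBC_SHA"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"/>
    <Connector port="7443" SSLEnabled="true" sslProtocol="TLS"
               ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5"/>
  </Service>
</Server>
"""

def audit_connectors(xml_text):
    """Return {port: [findings]} for every SSL connector; an empty list means OK."""
    report = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        # Assumption: SSL connectors are the ones with SSLEnabled="true".
        if conn.get("SSLEnabled", "").lower() != "true":
            continue
        findings = []
        if not conn.get("sslProtocol"):
            findings.append("sslProtocol not set")
        raw = conn.get("ciphers")
        if raw is None or not raw.strip():
            findings.append("ciphers not set (defaults accepted)")
        else:
            # The attribute may wrap across lines; split on commas, trim whitespace.
            for suite in (s.strip() for s in raw.split(",")):
                if not AES_SUITE.match(suite):
                    findings.append("non-AES suite: " + (suite or "<empty>"))
        report[conn.get("port")] = findings
    return report

if __name__ == "__main__":
    for port, findings in audit_connectors(SAMPLE_SERVER_XML).items():
        print(port, "OK" if not findings else "; ".join(findings))
```

To audit a real instance, pass the contents of its server.xml to audit_connectors() instead of the sample string.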

Posted by cdgrieb at January 24, 2013 01:19 PM
