January 24, 2013
Enumerate protocols and ciphers for Tomcat
By default, Tomcat instances configured for SSL will accept pretty much any secured cipher, which, obviously, is not always optimal. Use the following method to ensure AES 128 or AES 256.
First, ensure that a protocol is specified within the connector block, for example:
sslProtocol="TLS"
Next, add your cipher specifications:
ciphers="TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
Finally, restart Tomcat. You should have enforced AES 128/256.
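To confirm the connector block really carries both settings, the following added example (not part of the original post) audits a server.xml for SSL connectors that lack sslProtocol or list a non-AES suite. The sample XML, the port numbers and the function name audit_connectors are constructed for illustration, and it assumes SSL connectors are marked with SSLEnabled="true" or scheme="https".

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not from the original post): one connector
# configured as the post describes, one with a gap, one plain HTTP.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             sslProtocol="TLS"
             ciphers="TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
                      TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
                      TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
                      TLS_DHE_RSA_WITH_AES_128_CBC_SHA"/>
  <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
             ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA"/>
  <Connector port="8080" protocol="HTTP/1.1"/>
</Service></Server>"""

# Suites the post wants enforced: anything keyed with AES 128 or AES 256.
AES_SUITE = re.compile(r"_WITH_AES_(128|256)_")

def is_ssl_connector(conn):
    """Assumption: SSL connectors set SSLEnabled="true" or scheme="https"."""
    return (conn.get("SSLEnabled", "").lower() == "true"
            or conn.get("scheme", "").lower() == "https")

def audit_connectors(server_xml):
    """Return {port: [findings]} for every SSL connector in server.xml."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if not is_ssl_connector(conn):
            continue  # plain HTTP/AJP connector, nothing to check
        findings = []
        if not conn.get("sslProtocol"):
            findings.append("sslProtocol not set")
        # The XML parser turns line breaks inside the attribute into spaces,
        # so a multi-line ciphers value splits cleanly on commas.
        suites = [s.strip() for s in conn.get("ciphers", "").split(",") if s.strip()]
        if not suites:
            findings.append("ciphers not set: default suites accepted")
        for suite in suites:
            if not AES_SUITE.search(suite):
                findings.append("non-AES suite: " + suite)
        report[conn.get("port")] = findings
    return report

if __name__ == "__main__":
    for port, findings in audit_connectors(SAMPLE_SERVER_XML).items():
        print(port, "OK" if not findings else "; ".join(findings))
```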
Posted by cdgrieb at January 24, 2013 01:19 PM