wiki:IamTomcatConfig

Version 4 (modified by jpmitchell@…, 13 years ago)


IAM Projects / IAM Tomcat Configuration

This page documents various tweaks to the IAM Tomcat configuration.

  1. Elimination of weak SSL ciphers
    Add the ciphers option to the connector as shown below. The SSLInfo Java app (attached below) lists the available ciphers; use it if you need the cipher names to put in the ciphers option.
    ...
        <Connector port="8443" 
            protocol="HTTP/1.1" 
            SSLEnabled="true" 
            maxThreads="150" 
            scheme="https" 
            secure="true" 
            clientAuth="false" 
            sslProtocol="TLS"
            ciphers="SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_RSA_WITH_AES_128_CBC_SHA" />
    ...
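
    Added example (not part of the original page, and not the attached SSLInfo app): a Python check that parses a server.xml and flags suites in each SSL connector's ciphers list that are considered weak today, which includes the RC4 and 3DES entries in the list above. The sample server.xml wrapper, the second connector on port 9443, and the name audit_ciphers are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Name tokens in JSSE cipher suite names that mark a suite as weak today.
WEAK_TOKENS = {
    "RC4": "RC4 stream cipher (prohibited in TLS by RFC 7465)",
    "3DES": "3DES, 64-bit block size (Sweet32)",
    "DES": "single DES, 56-bit key",
    "EXPORT": "export-grade key length",
    "NULL": "no encryption",
    "anon": "unauthenticated key exchange",
    "MD5": "MD5-based MAC",
}

# Constructed sample: this page's Connector in a minimal server.xml, plus a
# hypothetical second connector that sets no ciphers attribute at all.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
    secure="true" clientAuth="false" sslProtocol="TLS"
    ciphers="SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
      SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5,
      SSL_RSA_WITH_RC4_128_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
      TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
      TLS_RSA_WITH_AES_128_CBC_SHA" />
  <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
    secure="true" sslProtocol="TLS" />
</Service></Server>"""

def audit_ciphers(server_xml):
    """Return {port: {"explicit": bool, "weak": {suite: [reasons]}}} per SSL connector."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connectors have no cipher list to audit
        raw = conn.get("ciphers")
        weak = {}
        for suite in (s.strip() for s in (raw or "").split(",")):
            tokens = suite.split("_")  # match whole name tokens, not substrings
            reasons = [why for tok, why in WEAK_TOKENS.items() if tok in tokens]
            if reasons:
                weak[suite] = reasons
        # explicit=False means no ciphers attribute: the default list applies
        report[conn.get("port")] = {"explicit": raw is not None, "weak": weak}
    return report

if __name__ == "__main__":
    for port, res in audit_ciphers(SAMPLE_SERVER_XML).items():
        print(port, "explicit list" if res["explicit"] else "default cipher list")
        for suite, reasons in res["weak"].items():
            print("  WEAK", suite, "-", "; ".join(reasons))
```
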
    

Attachments