tags:

views:

1211

answers:

2

Please let me know how can I disable weak Ciphers for Tomcat 5.5.27

+1  A: 

See the ciphers attribute in the HTTP connector definition: http://tomcat.apache.org/tomcat-5.5-doc/config/http.html

Alternatively if you're using APR, see the SSLCipherSuite directive as documented in the SSL connector configuration as documented here: http://tomcat.apache.org/tomcat-5.5-doc/apr.html.

Note that OpenSSL ciphersuite names aren't quite the same as the j2se ciphersuite names. The Java ciphers are documented at: http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#SunJSSE. For APR, the command openssl ciphers will give you a list of all available OpenSSL ciphers on your system.

Martin Carpenter
A: 

Checkout this Disabling Weak Ciphers in Tomcat 5

priya