Please let me know how can I disable weak Ciphers for Tomcat 5.5.27
+1
A:
See the ciphers attribute in the HTTP connector definition: http://tomcat.apache.org/tomcat-5.5-doc/config/http.html
Alternatively if you're using APR, see the SSLCipherSuite directive as documented in the SSL connector configuration as documented here: http://tomcat.apache.org/tomcat-5.5-doc/apr.html.
Note that OpenSSL ciphersuite names aren't quite the same as the j2se ciphersuite names. The Java ciphers are documented at: http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#SunJSSE. For APR, the command openssl ciphers will give you a list of all available OpenSSL ciphers on your system.
Martin Carpenter
2008-11-27 10:07:04