PCI compliance requires that weak and medium strength SSL ciphers are disabled, along with SSLv2 functionality. To achive this, just add the following to your SSL connector within server.xml and restart tomcat. sslProtocol should be set to TLS or SSLv3 and the ciphers setting should be added as below.
Typically the server.xml will be in:
/usr/share/tomcat5/conf/server.xml
/etc/tomcat5/server.xml
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
ciphers="SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
keystoreFile="SomeDir/mykey.key" keystorePass="pass"
