Disable weak ciphers in Tomcat

PCI compliance requires that weak and medium strength SSL ciphers are disabled, along with SSLv2 functionality. To achive this, just add the following to your SSL connector within server.xml and restart tomcat. sslProtocol should be set to TLS or SSLv3 and the ciphers setting should be added as below.

Typically the server.xml will be in:
/usr/share/tomcat5/conf/server.xml
/etc/tomcat5/server.xml

You can leave a response, or trackback from your own site.

One Response to “Disable weak ciphers in Tomcat”

  1. Pedro says:

    Hi, there is typo error at the end of the attribute ciphers, it’s neccesary to close the double quotes.

Leave a Reply