Disable weak ciphers in Tomcat | SysAd Nonsense

Disable weak ciphers in Tomcat

May 6th, 2010 1 Comment

PCI compliance requires that weak and medium strength SSL ciphers are disabled, along with SSLv2 functionality. To achive this, just add the following to your SSL connector within server.xml and restart tomcat. sslProtocol should be set to TLS or SSLv3 and the ciphers setting should be added as below.

Typically the server.xml will be in:
/usr/share/tomcat5/conf/server.xml
/etc/tomcat5/server.xml


							Posted in Linux, Tomcat | Tags: PCI, Tomcat 
						
							
								« Spell check your website with Firefox
								3 Reasons not to use UK2 »
							
							
															You can leave a response, or trackback from your own site.


						
				


	One Response to “Disable weak ciphers in Tomcat”

	
			
				
				
						Pedro says:		
		
		
			February 16, 2012 at 4:41 pm		

		Hi, there is typo error at the end of the attribute ciphers, it’s neccesary to close the double quotes.

		
				
		

	

	
		
		
	
 




Leave a Reply


	Click here to cancel reply.







Name (required)


Mail (will not be published) (required)


Website


        
    
        			
    
	
        
            
				 

     
        
         
    
			
        
            			   
    			    
 
 



    			            
    			            
    			            
    			            

    			    
    			    
    			
    					        
		
		  Tags
Active Directory
Apache
ASP
Backup
BASH
CentOS
Citrix
Cron
ESXi
Exchange
Exim
FTP
GPG
high availability
Horde
IIS
IPTables
Linux
mailman
MSSQL
MySQL
Nagios
PCI
Perl
PHP
Plesk
Postfix
Qmail
RedHat
RPM
Ruby
Samba
Shell
SMTP
Spamassassin
SSH
SSL
Subversion
Ubuntu
vmware
vSphere
Windows
Xenserver
yum
Zeus
Categories
		
	Android (1)

	Database (12)

	Domains (1)

	Email (15)

	ESXi (6)

	LAMP (9)

	Linux (83)

	MSSQL (1)

	Plesk (23)

	Programming (14)

	Tomcat (2)

	Uncategorized (1)

	Virtualisation (7)

	vSphere (6)

	Windows (22)

		
				Recent Posts
		
					
				AppLocker blocking Logon scripts
						
					
				Clear ARP on various systems
						
					
				ESXi won’t boot from USB stick
						
					
				Veeam as a vSphere backup solution
						
					
				Distributed Monitoring in Nagios with check_mk multisite
						
					
				vSphere ESXi firmware & driver alignment
						
					
				check_cab Nagios plugin for Hawk-I rack monitoring
						
					
				Configuring ESXi network coredump settings
						
					
				Moving from SysV to Systemd
						
					
				Export Java Keystore Certificate & Private Key to PEM
						
					
				Gluster active/passive cluster
						
					
				Destroy gluster brick
						
				
		
Systems Administrator Blogs
	
Freelance System Administrator

	

Useful Sites
	
Luxury Wedding Invitations
Wedding Table Plans
Wyre Forest Rentals


			
				Copyright © Tom Vernon -  Technical scribble….. 

                
                    Powered by WordPress