Posts Tagged ‘Tomcat’

Disable weak ciphers in Tomcat

PCI compliance requires that weak and medium strength SSL ciphers are disabled, along with SSLv2 functionality. To achive this, just add the following to your SSL connector within server.xml and restart tomcat. sslProtocol should be set to TLS or SSLv3 and the ciphers setting should be added as below. Typically the server.xml will be in: […]