-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Alexandre,
On 4/25/18 11:06 AM, Alexandre Adao wrote: > I am currently running Apache Tomcat 9.0.6. I would like to disable > the Weak Cipher like TLS_DHE or what will be the best Cipher type > to get "A" from SSlabs test. > > > the SSLImplementation selected. JSSE style configuration is used > below. --> > > <Connector port="443" > protocol="org.apache.coyote.http11.Http11NioProtocol" > maxThreads="150" SSLEnabled="true"> <SSLHostConfig> <Certificate > certificateKeyFile="conf/xxx.key" certificateFile="conf/xxx.crt" > certificateChainFile="conf/ixxxxxx-bundle" type="RSA" /> > </SSLHostConfig> Have a look at this page on the Wiki: https://wiki.apache.org/tomcat/Security/Ciphers It looks like that page could use some updating with the most-recent versions of Tomcat/Java. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlrgqGQACgkQHPApP6U8 pFjacA//RSI31Pc9nEq8HVeAFfDgX9k5/jc/WdJL9B8OHP8AFNYajkEqWVeqQ2Um MamvJ/Hvia/Ixy7Mlwfm27+NhedYi0ZSThsLArZh5C3LTeUjCTg1tT2WQkvJBVUp njDHKVCELX1hoO8CngsGWuK14bEjGqsauSm+HoamQ/4zo365afpQAgaBSGiu80i2 kgMXGoLCVl8N755tBYLuS3tsTj4RerXjXQlg6QLnrIRCl2WMveI2NttHuD8fDdhE FHeQU12wm4m0CzWk4XhJ28JNA064rYRtqi9sklPQpEWg2SVubVgdRYYuLek2z8yv bmbyGo7RZU/Lf/uKAhfjeoD1g+wxZln2TOZVf+j33CKVhBeIVTPLZlOKYxYiz24f e8cDvsn0974YaoHXwaVqbhSsUUeerLrt+vzZwbfTbC8/+dvdwZM4x42+rYyjBEqU CeZ7M7Jh5iwht7zJ3DBpXFQSoms8fGtU0vFHU/yIeR/a1/wWxbGJTsKpYbXX+s5E aWebMnvnGwhRNtYQ/FsDP9BvXcIy/eNIyxubJ45nY4MWNo+CQPm9UkXvQRgMewuK Uy19EKVZfudb33EDlejSYLiyyYKj+W0Nn6GWpvUrRgcQPXQCo5ZsD6JwDKG2orCe RXnIJmZnoZkJkDpledx1Uujbt5HSmYHV09bMfUCTPJipOvpsmBw= =bA7P -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
