-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Pierre,
On 4/25/18 12:16 PM, Pierre Chiu wrote: > Hi Alexandre, > > This is what I am doing. A+ on SSLabs. > > https://orclcs.blogspot.ca/2017/03/tomcat-9-java-8-with-https.html > <https://orclcs.blogspot.ca/2017/03/tomcat-9-java-8-with-https.html> The > > A+ is coming from your use of HSTS. If you had not enabled HSTS, you wouldn't get the A+. Note that SSLLabs considers some of your cipher suites as "weak" (e.g. TLS_RSA_WITH_AES_256_GCM_SHA384) and yet you still get an A+ rating. Those ratings are quite subjective as you can see. Thanks, - -chris >> On Apr 25, 2018, at 11:06 AM, Alexandre Adao >> <alexa...@gmail.com> wrote: >> >> I am currently running Apache Tomcat 9.0.6. I would like to >> disable the Weak Cipher like TLS_DHE or what will be the best >> Cipher type to get "A" from SSlabs test. >> >> >> the SSLImplementation selected. JSSE style configuration is used >> below. --> >> >> <Connector port="443" >> protocol="org.apache.coyote.http11.Http11NioProtocol" >> maxThreads="150" SSLEnabled="true"> <SSLHostConfig> <Certificate >> certificateKeyFile="conf/xxx.key" certificateFile="conf/xxx.crt" >> certificateChainFile="conf/ixxxxxx-bundle" type="RSA" /> >> </SSLHostConfig> > > -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlrgr7gACgkQHPApP6U8 pFiI6RAAjU4mJhOdWRoCLu2L6GTtKnUlWrqo15sVs/xAJgoRuN7SKsZtsaM8cTzh NOz2+vQs0XHtEH98xuXStqdejLp5iQxCBwY4bqnkRzqimjtJrjkUnwEqQ9TAO5na OL9m4F6a+LCLb9RjyE9c4tD09RbV8L4y7KI2VOuOoH2PO2gGmeeEN4IFY3navpf3 8b5l979POGuNP1fa2sCfvpqC8kCiMyvjtPORuuHJd40gxB5WqD9D5WfNbCrAufT0 dyyj5JeCFR2MX8WT1vJdtMRCMV77Bn4NvKcso3Raqw4JwYaw/Oxu20fpgIrqf3zG igMmcu3CPJg3tX0uNOrMulEBAVcKWtgASPolpprgOiRI+lWqIiXA/L7zHWUDVMZT pLZj9CuHi3ZwbDlc3IqLW1ED4uv6IqyZQCERiWN0wTcYm11ver2uthdsxqcqFYNZ ob0QvFC2qTrzjsosTTpP08ISHdeLWpJBgd+48KzBpy/rOqTibDA/eVt9hf3XoHH0 J8UuXlJ7JCjraQoYe0lNsZFiql9SpjNNzjpvthpPTirfbrnVevffqUJdypRtUvFp xuZzrxQh3dvN1nJ6HL1Ua3Yrv6u5mk2EqAg5Y/qxKiHmfeus7MCy+sVcuexUhbVD zQnzZKbES20gITwYwUQ6ioTbl+lunTaNB4rf0RTTgkecm/q1/vg= =As6K -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
