A cipher is an algorithm for performing encryption or decryption. You can disable the weak ciphers in the Tomcat server by modifying the
cipher attribute in the SSL Connector container, which is in the
catalina-server.xml file. Enter the ciphers that you want your server to support in a comma-separated list. By default, all ciphers, whether they are strong or weak, will be enabled. However, if you do not add the
cipher attribute or keep it blank, all SSL ciphers by JSSE will be supported by your server. This will enable the weak ciphers.
The steps below explain how to disable weak and enable strong ciphers in a product:
- Take a backup of
- Stop the server.
cipherattribute to the existing configuration in the
catalina-server.xmlfile with the list of ciphers that you want your server to support as follows:
The example below shows how a connector looks after an example configuration is done:
- Restart the server.