WSO2 Complex Event Processor is succeeded by WSO2 Stream Processor. This documentation is for WSO2 Complex Event Processor 4.1.0. View documentation for the latest release.
||
Skip to end of metadata
Go to start of metadata

cipher is an algorithm for performing encryption or decryption. You can disable the weak ciphers in the Tomcat server by modifying the cipher attribute in the SSL Connector container, which is in the catalina-server.xml file. Enter the ciphers that you want your server to support in a comma-separated list. By default, all ciphers, whether they are strong or weak, will be enabled. However, if you do not add the cipher attribute or keep it blank, all SSL ciphers by JSSE will be supported by your server. This will enable the weak ciphers.

The steps below explain how to disable weak and enable strong ciphers in a product:

  1. Take a backup of <PRODUCT_HOME>/repository/conf/tomcat/catalina-server.xml file.
  2. Stop the server.
  3. Add the cipher attribute to the existing configuration in the catalina-server.xml file with the list of ciphers that you want your server to support as follows:

    ciphers="<cipher-name>,<cipher-name>"

    The example below shows how a connector looks after an example configuration is done:

     <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
                    port="9443"
                    bindOnInit="false"
                    sslProtocol="TLS"
                    maxHttpHeaderSize="8192"
                    acceptorThreadCount="2"
                    maxThreads="250"
                    minSpareThreads="50"
                    disableUploadTimeout="false"
                    enableLookups="false"
                    connectionUploadTimeout="120000"
                    maxKeepAliveRequests="200"
                    acceptCount="200"
                    server="WSO2 Carbon Server"
                    clientAuth="false"
                    compression="on"
                    scheme="https"
                    secure="true"
                    SSLEnabled="true"
                    compressionMinSize="2048"
                    noCompressionUserAgents="gozilla, traviata"
                    compressableMimeType="text/html,text/javascript,application/x-        
                    javascript,application/javascript,application/xml,text/css,application/xslt+xml,
                    text/xsl,image/gif,image/jpg,image/jpeg"
                    ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,
                    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,
                    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
                    keystoreFile="${carbon.home}/repository/resources/security/wso2carbon.jks"
                    keystorePass="wso2carbon" 
                    URIEncoding="UTF-8"/>
  4. Save the catalina-server.xml file.

  5. Restart the server.
  • No labels