This documentation is for WSO2 Carbon 4.4.1. View documentation for the latest release.
Page Comparison - Configuring Transport Level Security (v.7 vs v.8) - Carbon 4.4.1 - WSO2 Documentation
Due to a known issue do not use JDK1.8.0_151 with WSO2 products. Use JDK 1.8.0_144 until JDK 1.8.0_162-ea is released.

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Open the <PRODUCT_HOME>/repository/conf/tomcat/catalina-server.xml file.
  2. Make a backup of the catalina-server.xml  file and stop the WSO2 product server.
  3. Add the cipher  attribute to the existing configuration in the catalina-server.xml  file by adding the list of ciphers that you want your server to support as follows: ciphers="<cipher-name>,<cipher-name>". For example,

    Code Block
    For Tomcat version 7.0.59 and JDK version 1.7:
    ciphers="SSLTLS_RSAECDHE_WITH_RC4_128_MD5,SSL_RSA_ECDSA_WITH_RC4AES_128_SHA,SSL_DHE_RSA_WITH_DES_CBC_SHA,
             SSL_DHESHA256,TLS_ECDHE_RSA_WITH_3DESAES_EDE128_CBC_SHASHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHASHA256,TLS_DHEECDHE_RSAECDSA_WITH_AES_128_CBC_SHA,
             TLS_ECDHE_RSA_WITH_AES_256128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256128_CBC_SHA"  
    
    For Tomcat version 7.0.59 and JDK version 1.8:
    ciphers="SSL_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_RC4AES_128_MD5CBC_SHA256,SSLTLS_DHE_RSA_WITH_RC4AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
  4. Start the server.
  5. To verify that the configurations are all set correctly, download and run the TestSSLServer.jar.

    Code Block
    $ java -jar TestSSLServer.jar localhost 9443
  6. Note that in the output that you get, the section "Supported cipher suites" does not contain any export ciphers.

...