Page History

...

1. Open the <PRODUCT_HOME>/repository/conf/tomcat/catalina-server.xml file.
2. Make a backup of the catalina-server.xml  file and stop the WSO2 product server.

3. Add the cipher  attribute to the existing configuration in the catalina-server.xml  file by adding the list of ciphers that you want your server to support as follows: ciphers="<cipher-name>,<cipher-name>". For example,
   

   Code Block

   For Tomcat version 7.0.59 and JDK version 1.7: ciphers="SSLTLS_RSAECDHE_WITH_RC4_128_MD5,SSL_RSA_ECDSA_WITH_RC4AES_128_SHA,SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHESHA256,TLS_ECDHE_RSA_WITH_3DESAES_EDE128_CBC_SHASHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHASHA256,TLS_DHEECDHE_RSAECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256128_CBC_SHA" For Tomcat version 7.0.59 and JDK version 1.8: ciphers="SSL_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_RC4AES_128_MD5CBC_SHA256,SSLTLS_DHE_RSA_WITH_RC4AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"

4. Start the server.

5. To verify that the configurations are all set correctly, download and run the TestSSLServer.jar.
   

   Code Block
   $ java -jar TestSSLServer.jar localhost 9443

6. Note that in the output that you get, the section "Supported cipher suites" does not contain any export ciphers.

...