You can disable the weak ciphers in the Tomcat server by modifying
cipher attribute in SSL Connector container in the
catalina-server.xml file. However, if you leave the
cipher attribute out or keep it blank, all SSL ciphers by JSSE will be supported by your server; otherwise, you can enter the ciphers that you want your server to support in a comma-separated list.
To disable weak ciphers in a Carbon server:
- Locate the
catalina-server.xmlfile in the
- Take a backup of
- Stop the Carbon server.
cipherattribute to the existing configuration, in the
catalina-server.xmlfile with the list of ciphers that you want your server to support.
For example, once you have completed the configuration your connector will look as follows:
- Save the
- Restart the Carbon server.