You can disable the weak ciphers in the Tomcat server, by modifying the
cipher attribute in the SSL Connector container, which is in the
catalina-server.xml file. This can be done by entering the ciphers that you want your server to support in a comma-separated list. By default, all ciphers whether they are strong or weak will be enabled. However, if you do not add the
cipher attribute or keep it blank, all SSL ciphers by JSSE will be supported by your server, and thereby enable your weak ciphers.
To disable weak and enable strong ciphers in a Carbon server:
- Locate the
catalina-server.xmlfile in the
- Take a backup of
- Stop the Carbon server.
cipherattribute to the existing configuration, in the
catalina-server.xmlfile with the list of ciphers that you want your server to support as follows:
For example, once you have completed the configuration your connector will look as follows:
- Save the
- Restart the Carbon server.