A cipher is an algorithm for performing encryption or decryption. You have the option of disabling the weak ciphers in the Tomcat server by modifying the SSL Connector container in the
catalina-server.xml file. Note that the ss
Lprotocol attribute is set to "TLS" by default, which ensures that only the TLS and default ciphers are enabled. Also, by default, all ciphers will be enabled regardless of whether they are strong or weak. Therefore, to disable the weak ciphers, you must ensure that only the ciphers you want your server to support are entered for the
ciphers attribute in a comma-separated list. Also, if you do not add this cipher attribute or keep it blank, all SSL ciphers by JSSE will be supported by your server, thereby enabling the weak ciphers.
To enable only the strong ciphers in a Carbon server:
- Locate the
catalina-server.xmlfile in the
- Take a backup of
- Stop the Carbon server.
- Carbon server uses TLS as the transport security protocol by default. In the
catalina-server.xmlfile, you can change the
sslProtocolattribute value to "SSL" if you want SSL to be enabled instead of TLS:
cipherattribute to the existing configuration in the
catalina-server.xmlfile by adding the list of ciphers that you want your server to support as follows:
For example, once you have completed the configuration, your connector will look as follows:
- Save the
- Restart the Carbon server.