jeudi 12 février 2015

What ciphers do I need to disable in tomcat to match a specific apache conf?



I have instructions to disable weak ciphers in apache by adding SSLCipherSuite ALL:!MD5:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM to my httpd.conf.


I am actually running tomcat, and in my server.xml file I have the following ciphers enabled...



TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
SSL_RSA_WITH_RC4_128_SHA


Can anyone tell me which ones would need to be removed to match what would normally be going into the httpd.conf?





Aucun commentaire:

Enregistrer un commentaire