You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Rey Batioco <re...@gmail.com> on 2006/02/07 05:22:34 UTC

Disable support for low encryption ciphers in tomcat 4.1.30

Hi All,

I am using Tomcat 4.1.30 stand-alone with j2re1.4.2_04 to serve HTTPS
connections. I would like to disable the support for low encryption ciphers
like SSL_RSA_EXPORT_WITH_RC4_40_MD5. I have seen from the following page
that these are the supported ciphers:

http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html

I would only like to maintain support for Medium and High encryption ciphers
which range with a strength of => 128.

I looked at the attributes that Tomcat 4.1 uses and it doesn't have the
"cipher" attribute which I could use to force the encryption suite to use.
I am not looking to upgrade my Tomcat anytime soon.

Any ideas would be greatly appreciated. Feel free to correct me if I am also
taking the wrong way of solving this problem. Main goal here is to disable
the support for any Low Encryption on the Tomcat server. This is for added
security.

Regards,

reyus1