Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change 
notification.

The "HowTo/SSLCiphers" page has been changed by KonstantinKolinko:
http://wiki.apache.org/tomcat/HowTo/SSLCiphers

Comment:
New FAQ page - how to configure the list of ciphers on a Connector

New page:
= How do I restrict the list of SSL ciphers used by a Connector =

Firstly, the configuration attribute and its values depend on which HTTPS 
implementation you are using: either the Java-based implementation (JSSE), 
used by the BIO and NIO connectors, or the OpenSSL-based implementation, 
used by the APR connector.

'''Links:'''

 * [[http://tomcat.apache.org/tomcat-7.0-doc/config/http.html|HTTP Connector configuration reference (Tomcat 7)]]

== Using Java implementation ==

For BIO and NIO connectors the attribute that specifies the list of ciphers is 
called '''ciphers''' and multiple values are separated by a comma (`,`). For 
the list of possible values see the list of cipher suite names for your version 
of Java, e.g.

 * [[http://docs.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#jssenames|Oracle Java 6]]
 * [[http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#jssenames|Oracle Java 7]]

See thread "Default SSL ciphers supported by Tomcat 6" from October 2009 
[[http://markmail.org/message/zn4namfhypyxum23|here]] for a short program that 
displays available ciphers in your particular JVM.

'''Sample configuration:'''

{{{
 ciphers="SSL_RSA_WITH_RC4_128_MD5,
           SSL_RSA_WITH_RC4_128_SHA,
           TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
           TLS_ECDHE_RSA_WITH_RC4_128_SHA,
           TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
           TLS_ECDH_RSA_WITH_RC4_128_SHA"
}}}
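
As an added example (not part of the wiki page or of the mailing-list thread linked above), the following Java program checks each name in a `ciphers` value against the cipher suites that the running JVM supports and enables by default, and marks names that match a short list of weak-algorithm substrings. The class name `CipherListCheck` and the contents of `WEAK` are assumptions of this example.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;

/** Added example (hypothetical class name): audits a Tomcat "ciphers" value against this JVM. */
public class CipherListCheck {
    // Substrings treated as weak here; this list is an assumption of the example.
    static final String[] WEAK = {"_RC4_", "_NULL_", "_EXPORT_", "_anon_", "_DES_", "_MD5"};

    /** Splits the attribute value on commas, dropping surrounding whitespace and line breaks. */
    static List<String> parse(String attr) {
        List<String> names = new ArrayList<>();
        for (String s : attr.split(",")) {
            if (!s.trim().isEmpty()) names.add(s.trim());
        }
        return names;
    }

    /** True if the suite name contains one of the WEAK substrings. */
    static boolean isWeak(String suite) {
        for (String w : WEAK) if (suite.contains(w)) return true;
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Default input: the first two names of the sample configuration on this page.
        String attr = args.length > 0 ? args[0]
                : "SSL_RSA_WITH_RC4_128_MD5,\n   SSL_RSA_WITH_RC4_128_SHA";
        SSLContext ctx = SSLContext.getDefault();
        Set<String> supported = new HashSet<>(Arrays.asList(
                ctx.getSupportedSSLParameters().getCipherSuites()));
        Set<String> enabled = new HashSet<>(Arrays.asList(
                ctx.getDefaultSSLParameters().getCipherSuites()));
        for (String name : parse(attr)) {
            String state = enabled.contains(name) ? "enabled by default"
                    : supported.contains(name) ? "supported, not enabled by default"
                    : "NOT supported by this JVM";
            System.out.printf("%-45s %s%s%n", name, state, isWeak(name) ? "  [weak]" : "");
        }
    }
}
```

Run it with the same JVM that runs Tomcat and pass the `ciphers` value as the first argument; the result depends on the Java version and its security configuration.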

== Using OpenSSL implementation (APR connector) ==

For the APR connector the attribute that specifies the list of ciphers is called 
'''SSLCipherSuite''' and multiple values are separated by a colon (`:`). 
Generally, it is configured in the same way as the `SSLCipherSuite` directive of 
[[http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslciphersuite|mod_ssl of Apache HTTPD server]].
For the list of possible values see the 
[[http://www.openssl.org/docs/ssl/SSL_CTX_set_cipher_list.html|OpenSSL documentation]], 
or run `openssl.exe ciphers -v`.

'''Sample configurations:'''

a)
{{{
 SSLCipherSuite="RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW"
}}}

b)
{{{
 SSLCipherSuite="RC4-SHA"
}}}

----
[[CategoryFAQ]]

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
