What are ciphers one should specify in Tomcat configuration, apart from
sslProtocols="TLSv1.2" sslEnabledProtocols="TLSv1.2" SSLEnabled="true"
The corresponding document has no recommendations for ciphers. Currently I see the latest Chrome reporting the below problem:
The connection to this site uses a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256),
and an obsolete cipher (AES_128_CBC with HMAC-SHA1).
which means cipher list should be defined. Search over 'Net showed no definite up-to-date recommendations, all I have to do is to try list like
and experiment with adding/deleting ciphers, but if someone has better ideas, I would be glad to know.
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG