Re: How disable the Weak Cipher like TLS_DHE on APACHE 9.0.6

Thank you for your help. I really appreciated. This is my current settings on Cipher Tomcat 9.0.6 and It has received grade "A" from SS Labs. On Wed, Apr 25, 2018 at 1:05 PM, Pierre Chiu wrote: > That was an A+ as of 2017. SSL Labs changes their check multiple times > since th

Re: How disable the Weak Cipher like TLS_DHE on APACHE 9.0.6

That was an A+ as of 2017. SSL Labs changes their check multiple times since then and we never revisit the setup. Admin blocked port 80 doesn't help either. 80 is supposed to do a redirection :) > On Apr 25, 2018, at 12:41 PM, Christopher Schultz > wrote: > > -BEGIN PGP SIGNED MESSAGE--

Re: How disable the Weak Cipher like TLS_DHE on APACHE 9.0.6

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Pierre, On 4/25/18 12:16 PM, Pierre Chiu wrote: > Hi Alexandre, > > This is what I am doing. A+ on SSLabs. > > https://orclcs.blogspot.ca/2017/03/tomcat-9-java-8-with-https.html >

Re: How disable the Weak Cipher like TLS_DHE on APACHE 9.0.6

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Pierre, On 4/25/18 12:16 PM, Pierre Chiu wrote: The A+ is coming from your use of HSTS. If you had not enabled HSTS, you wouldn't get the A+. Note that SSLLabs considers some of your cipher suites as "weak" (e.g. TLS_RSA_WITH_AES_256_GCM_SHA384)

Re: How disable the Weak Cipher like TLS_DHE on APACHE 9.0.6

Hi Alexandre, This is what I am doing. A+ on SSLabs. https://orclcs.blogspot.ca/2017/03/tomcat-9-java-8-with-https.html > On Apr 25, 2018, at 11:06 AM, Alexandre Adao wrote: > > I am currently running Apache Tomcat 9.0.6.

Re: How disable the Weak Cipher like TLS_DHE on APACHE 9.0.6

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Alexandre, On 4/25/18 11:06 AM, Alexandre Adao wrote: > I am currently running Apache Tomcat 9.0.6. I would like to disable > the Weak Cipher like TLS_DHE or what will be the best Cipher type > to get "A" from SSlabs test. > > > the SSLImplementat