A configuration like the one below should be able to resolve your issue:

<Connector port="{{ https_port }}"
           protocol="org.apache.coyote.http11.Http11Protocol"
           SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           keystoreType="JKS"
           keystoreFile="{{path_to_keystore}}"
           keystorePass="{{ keystore_password }}"
           clientAuth="false"
           sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
           ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
                    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,
                    TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,
                    TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA" />

Srikanth Hugar
www.gharki.com

On Thu, Oct 1, 2015 at 10:22 AM, Rahul Singh <rksing...@hotmail.com> wrote:

> Dear Tomcat Support Team,
> Thanks for your continuous support.
> In our application Tomcat V 7.0.54 is used. We are facing the problem of
> "Server has a weak, ephemeral Diffie-Hellman public key
> ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY"
> in the Chrome browser.
> The Tomcat server.xml has the following configuration, which does not contain
> a cipher, which means it uses the default cipher.
> ================================================================
> <Connector port="8585" minSpareThreads="5" enableLookups="true"
>            redirectPort="8282" acceptCount="32"
>            connectionTimeout="60000"/>
> <Connector port="8282" minSpareThreads="5"
>            SSLEnabled="true" enableLookups="true"
>            acceptCount="32" scheme="https" secure="true"
>            clientAuth="false" sslEnabledProtocols="TLSv1.2"
>
>            algorithm="SunX509"/>
> ================================================================
> The underlying Java is: OpenJDK Runtime Environment (rhel-2.5.5.3.el6-x86_64
> u79-b14)
> So could you please assist me in understanding the following things:
> 1- What default cipher value is my application using?
> 2- Does it require an update to work with the latest Chrome browser and to fix
> the "Diffie-Hellman" security issue?
> Regards,
> Rahul kumar Singh
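
An added example, not part of either message above and not Tomcat code: a small Python audit that reads Connector elements like the two in this thread and reports the settings relevant to the Chrome error, namely a missing ciphers attribute (JVM defaults apply), finite-field DHE suites, RC4 suites and legacy protocol versions. The function names, finding labels and the SAMPLE document are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two HTTPS connectors from this thread, reduced to
# the attributes the audit reads (cipher list shortened).
SAMPLE = """<Service>
  <Connector port="8282" SSLEnabled="true" scheme="https" secure="true"
             sslEnabledProtocols="TLSv1.2" algorithm="SunX509"/>
  <Connector port="{{ https_port }}" SSLEnabled="true" scheme="https"
             sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
             ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                      TLS_ECDHE_RSA_WITH_RC4_128_SHA,
                      TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"/>
</Service>"""

LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}  # deprecated by RFC 7568 / RFC 8996

def split_list(value):
    """Split a comma-separated attribute value, tolerating spaces and line wraps."""
    return [item.strip() for item in value.split(",") if item.strip()]

def audit_connector(conn):
    """Return finding labels (hypothetical names) for one <Connector> element."""
    findings = []
    ciphers = conn.get("ciphers")
    if ciphers is None:
        # Nothing pinned: the JVM's default suite list applies.
        findings.append("no-ciphers-attribute")
    else:
        for suite in split_list(ciphers):
            if "_DHE_" in suite:   # finite-field ephemeral DH; ECDHE does not match
                findings.append("dhe-suite:" + suite)
            if "_RC4_" in suite:   # RC4 is prohibited in TLS by RFC 7465
                findings.append("rc4-suite:" + suite)
    for proto in split_list(conn.get("sslEnabledProtocols", "")):
        if proto in LEGACY_PROTOCOLS:
            findings.append("legacy-protocol:" + proto)
    return findings

def audit_server_xml(text):
    """Map each TLS connector's port attribute to its findings."""
    root = ET.fromstring(text)
    return {c.get("port"): audit_connector(c)
            for c in root.iter("Connector")
            if c.get("SSLEnabled", "").lower() == "true"}

if __name__ == "__main__":
    for port, findings in audit_server_xml(SAMPLE).items():
        print(port, findings or "ok")
```
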