On 08/04/2016 14:40, Kikkeri, Amith wrote:
> Thanks... I will be more detailed.
> We don't use Apache HTTPD or nginx. It's just tomcat7. Below is my connector
> configuration.
>
> <Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
>            maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
>            clientAuth="false" sslProtocol="TLS"
>            keystoreFile=" "
>            keystorePass=" "/>

As of the next Tomcat 7 release, you should see improved defaults. For more
details see:
http://wiki.apache.org/tomcat/Security/Ciphers

The best achievable results will depend on the Java version you use and
whether or not you use the JCE Unlimited Strength Jurisdiction Policy Files.

Mark

>
> Regards,
> Amith
>
> -----Original Message-----
> From: Olaf Kock [mailto:tom...@olafkock.de]
> Sent: Friday, April 08, 2016 9:29 AM
> To: users@tomcat.apache.org
> Subject: Re: Appscan Issues
>
> On 08.04.2016 at 15:17, Kikkeri, Amith wrote:
>> Hi,
>> Appscan was performed on our application and 2 issues were encountered.
>> Could anyone please let me know how to resolve these issues? We use tomcat7.
>>
>> Browser Exploit Against SSL/TLS (a.k.a. BEAST)
>> RC4 cipher suites were detected
>> (Remove support of SSLv3/TLS1.0 cipher suites with CBC.)
> Sure. Remove SSL support.
>
> Seriously: With the level of information that you give, what's the level of
> detail that you expect back?
>
> Are you using tomcat only? Do you front it with Apache httpd? nginx? Any
> loadbalancer or SSL-Terminator (pardon the use of SSL here)? If you only have
> tomcat, what's the configuration of your https connector? Which of the
> options that are documented in the connector's documentation
> (http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support or
> http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html among others) do you
> need help with?
>
> Olaf
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
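The connector Amith posted relies on `sslProtocol="TLS"` alone, which lets the JVM offer every protocol and cipher suite it supports, including TLS 1.0 and RC4, which is exactly what the two scan findings report. The following connector is an added example (not from this thread and not the Tomcat project's own configuration) showing how the `sslEnabledProtocols` and `ciphers` attributes documented for the Tomcat 7 HTTP connector restrict the negotiation: TLS 1.0 is dropped so no CBC suite can be used under a BEAST-affected protocol version, and RC4 suites are simply not listed. The keystore path and password are placeholders.

```xml
<!-- server.xml fragment: hardened HTTPS connector for Tomcat 7 (JSSE/BIO).
     Added example; keystoreFile and keystorePass are placeholders. -->
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false"
           sslProtocol="TLS"
           sslEnabledProtocols="TLSv1.1,TLSv1.2"
           ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
                    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
                    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
           keystoreFile="${catalina.base}/conf/keystore.jks"
           keystorePass="CHANGE-ME"/>
```

The cipher list is comma-separated JSSE suite names; the GCM suites only exist on Java 8, so on Java 7 the TLS 1.2 CBC-SHA256/SHA384 suites at the end are the ones that will actually be negotiated (CBC under TLS 1.1 and 1.2 is not what the BEAST finding targets). The AES-256 entries are unavailable unless the JCE Unlimited Strength Jurisdiction Policy Files Mark mentions are installed, in which case the JVM just leaves them out. After restarting, confirm the result with the same scanner or with a TLS client that enumerates offered protocols and suites, rather than assuming the attribute took effect.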