AnsweredAssumed Answered

Query regarding SSL Test Tool

Question asked by Shah on Dec 26, 2012
Latest reply on Jan 7, 2013 by Ivan Ristić

Hi,

 

When I test my domain in SSLTest Tool, under "Cipher Suites (sorted by strength; server has no preference)" category, it is showing me many ciphers with status (Weak or INSECURE) with other details.

 

I want to know how it detect these ciphers. My application is deployed in Tomcat 7.0.26 and I haven't configured any such ciphers in Tomcat in Server.xml file.

 

For testing purpose, I changed ciphers in Server.xml in below tag.

 

     <Connector port="443" scheme="https

         .....

         ......

     </Conncetor>

 

But no effect of updated ciphers list in Tool. So from where tool get these ciphers list?

Tool shows Ciphers Strength 60% and over rating F (0). So how can I disable weak ciphers in this?

 

Any kind of help would be appreciated?

 

Thanks in Advance.

Outcomes