When I test my domain in SSLTest Tool, under "Cipher Suites (sorted by strength; server has no preference)" category, it is showing me many ciphers with status (Weak or INSECURE) with other details.
I want to know how it detect these ciphers. My application is deployed in Tomcat 7.0.26 and I haven't configured any such ciphers in Tomcat in Server.xml file.
For testing purpose, I changed ciphers in Server.xml in below tag.
<Connector port="443" scheme="https
But no effect of updated ciphers list in Tool. So from where tool get these ciphers list?
Tool shows Ciphers Strength 60% and over rating F (0). So how can I disable weak ciphers in this?
Any kind of help would be appreciated?
Thanks in Advance.