
SSL Labs test rating in Apache Tomcat 7.0.30

Question asked by Anila John on May 21, 2014
Latest reply on May 22, 2014 by butdk

Hi,

I recently performed a test on SSLLabs and got the rating C.

[Attached screenshots: SSLLabs rating.jpg, protocol.jpg, weak cipher list.jpg]

How do I improve the rating? I checked the SSL version using 'openssl version'; it was OpenSSL 0.9.8. I upgraded to OpenSSL 1.0.1g.

My environment is

Apache Tomcat 7.0.30

java version "1.7.0_05"

I have a JSSE connector in my server.xml.

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" keystoreFile="/usr/local/test.keystore" compression="on"
           compressableMimeType="text/html,text/xml,text/json,text/javascript,text/css,text/plain"
           keystorePass="123456"/>

How do I remove the weak ciphers from the list? And how do I enable forward secrecy? Also, session resumption (caching) is turned off. How do I turn it on?

I am trying to make the changes on my local Linux machine. Is there a way to test after making the necessary changes on my system, rather than changing the production environment and running the SSL Labs test against it?

Please help as this is urgent. I am a newbie in the SSL domain.

 

Thanks,

Anila
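
A static check of the connector that can be run on a local machine before anything is deployed, as an added example that is not part of the original post. It reads one `<Connector>` element and reports whether Tomcat's `ciphers` and `sslEnabledProtocols` attributes are set, whether weak suites are listed, and whether any ECDHE/DHE suite (forward secrecy) is present. The weak-suite markers and the suite list in the second input are assumptions, not values from the screenshots.

```python
import xml.etree.ElementTree as ET

# Assumed markers of weak JSSE suite names (not taken from the page's screenshots).
WEAK_MARKERS = ("_RC4_", "_DES_", "_3DES_", "_EXPORT_", "_NULL_", "_anon_", "_MD5")
# Ephemeral key exchanges, which are what give forward secrecy.
PFS_PREFIXES = ("TLS_ECDHE_", "TLS_DHE_", "SSL_DHE_")
OLD_PROTOCOLS = {"SSLv2Hello", "SSLv3"}

def audit_connector(xml_text):
    """Return findings for one Tomcat JSSE <Connector> element."""
    conn = ET.fromstring(xml_text)
    findings = []
    ciphers = [c.strip() for c in conn.get("ciphers", "").split(",") if c.strip()]
    if not ciphers:
        findings.append("ciphers not set: JVM default suites are offered")
    else:
        weak = [c for c in ciphers if any(m in c for m in WEAK_MARKERS)]
        if weak:
            findings.append("weak suites listed: " + ", ".join(weak))
        if not any(c.startswith(PFS_PREFIXES) for c in ciphers):
            findings.append("no ECDHE/DHE suite: no forward secrecy")
    protocols = {p.strip() for p in conn.get("sslEnabledProtocols", "").split(",") if p.strip()}
    if not protocols:
        findings.append("sslEnabledProtocols not set: JVM default protocols are enabled")
    elif protocols & OLD_PROTOCOLS:
        findings.append("old protocols enabled: " + ", ".join(sorted(protocols & OLD_PROTOCOLS)))
    return findings

# Constructed input 1: the connector as posted in the question.
POSTED = '''<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS" keystoreFile="/usr/local/test.keystore"
    compression="on"
    compressableMimeType="text/html,text/xml,text/json,text/javascript,text/css,text/plain"
    keystorePass="123456"/>'''

# Constructed input 2: same connector with an explicit suite and protocol list
# (an assumed starting point for Java 7, not a tested recommendation).
EXPLICIT = POSTED.replace('sslProtocol="TLS"',
    'sslProtocol="TLS" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" '
    'ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,'
    'TLS_RSA_WITH_AES_128_CBC_SHA"')

if __name__ == "__main__":
    for name, xml_text in (("posted", POSTED), ("explicit", EXPLICIT)):
        print(name, audit_connector(xml_text) or "no findings")
```

This only inspects the configuration text; what the JVM actually negotiates still has to be confirmed with a handshake test against the local port.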
