I recently performed a test on SSLLabs and got the rating C.
How do I improve the rating? I checked the ssl version using 'openssl version' - It was OpenSSL 0.9.8. I upgraded to OpenSSL 1.0.1g.
My environment is
Apache Tomcat 7.0.30
java version "1.7.0_05"
I am having JSSE connector in my server.xml.
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="/usr/local/test.keystore" compression="on"
How to remove the weak ciphers from the list? And how to enable forward secrecy? Also session resumption(caching) is turned off. How to turn it on?
I am trying to make the changes in my local linux machine. Is there a way to test after necessary changes in my system rather than changing in production environment and do the SSL lab test for production environment?
Please help as this is urgent. I am a newbie in SSL domain.