2 Replies Latest reply: Dec 9, 2009 8:30 AM by wrobbins2 RSS

    Sun Management Center supports weak ciphers

      (reposting in a different, hopefully correct forum for SMC)

      Security scan reports our smcwebconsole supports weak ciphers and verified with openssl, for example -cipher DES-CBC-SHA (on the LOW cipher strength list), also EDH-RSA-DES-CBC-SHA connect and allow a GET.

      I'm looking at /var/webconsole/domains/console/conf/server.xml or console.xml, and actually tried to put in a "ciphers=" directive as a lot of the online Tomcat docs suggest, but it is marked "DO NOT EDIT" and was reverted on restarting.

      What is the master config location for this directive?