0 Replies Latest reply: Nov 23, 2009 10:56 AM by 807567 RSS

    Java webconsole supports weak ciphers

      Security scan reports our smcwebconsole supports weak ciphers and verified with openssl, for example -cipher DES-CBC-SHA (on the LOW cipher strength list), also EDH-RSA-DES-CBC-SHA connect and allow a GET.

      I'm looking at /var/webconsole/domains/console/conf/server.xml or console.xml, and actually tried to put in a "ciphers=" directive as a lot of the online Tomcat docs suggest, but it is marked "DO NOT EDIT" and was reverted on restarting.

      What is the master config location for this directive?