Minimum Encryption Strength.

You should set the minimim encryption strength that your server accepts to at least 128-bit, or preferably higher.

For example on a venerable old Tomcat 4 server you can edit the following ciphers entry in the server.xml file:

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector acceptCount="100"
    className="org.apache.coyote.tomcat4.CoyoteConnector"
    debug="0"
    disableUploadTimeout="true"
    enableLookups="false"
    maxProcessors="150"
    minProcessors="5"
    port="8443"
    scheme="https"
    secure="true"
    useURIValidationHack="false"
    ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA">
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="false" keystoreFile="E:/dexterra/ConcertServer/platform-dist/server/conf/security/jdex.jks" keystorePass="password" protocol="TLS"/>   
</Connector>
Copyright Donald Horrell 2012, 2013. All rights reserved