Page Comparison

The transport level security protocol of the Tomcat server is configured in the <PRODUCT_HOME>/conf/tomcat/catalina-server.xml file. Note that the ssLprotocol attribute is set to "TLS" by default.
See the following topics for detailed configuration options:

...

Firefox 39.0 onwards does not allow to access Web sites that support DHE with keys less than 1023 bits (not just DHE_EXPORT). 768/1024 bits are considered to be too small and vulnerable to attacks if the hacker has enough computing resources.

Tip
Tip: To use AES-256, the Java JCE Unlimited Strength Jurisdiction Policy files need to be installed. Downloaded them from http://www.oracle.com/technetwork/java/javase/downloads/index.html.

Tip

Tip: From Java 7, you must set the jdk.certpath.disabledAlgorithms property in the <JAVA_HOME>/jre/lib/security/java.security file to jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048. It rejects all algorithms that have key sizes less than 2048 for MD2, DSA and RSA.

Note
Note that is tip is not applicable when you are disabling weak ciphers in WSO2 Identity Server.

Versions Compared

Old Version 6

New Version 7

Key