...
- Open the
<PRODUCT_HOME>/repository/conf/tomcat/catalina-server.xmlfile. - Take Make a backup of the
catalina-server.xmlfile and stop the Carbon server. - Find the Connector configuration corresponding to TLS (usually, this connector has the port set to 9443 and the
sslProtocolas TLS).If you are using JDK 1.6, remove the
sslProtocol="TLS"attribute from the configuration and replace it withsslEnabledProtocols="TLSv1"as shown below.Code Block <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="9443" bindOnInit="false" sslEnabledProtocols="TLSv1"If you are using JDK 1.7, remove the
sslProtocol="TLS"attribute from the above configuration and replace it withsslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"as shown below.Code Block <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="9443" bindOnInit="false" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
Start the server.
Note In some Carbon products, such as WSO2 ESB and WSO2 API Manager, pass-thru transports are enabled. Therefore, to disable SSL version 3 in such products, the
axis2.xmlfile stored in the<PRODUCT_HOME>/repository/conf/axis2/directory should also be configured.
...
- Go to the
catalina-server.xmlfile in the<PRODUCT_HOME>/repository/conf/tomcatdirectory. - Take Make a backup of the
catalina-server.xmlfile and stop the Carbon server (same as for disabling SSL version 3). Add the
cipherattribute to the existing configuration in thecatalina-server.xmlfile by adding the list of ciphers that you want your server to support as follows:ciphers="<cipher-name>,<cipher-name>".Code Block ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"- Start the server.