The transport level security protocol of the Tomcat server is configured in the <PRODUCT_HOME>/conf/tomcat/catalina-server.xml file. Note that the sslProtocol attribute is set to "TLS" by default.
See the following topics for detailed configuration options:
...
Follow the steps given below to disable SSL support on WSO2 Carbon based servers.
- Open the <PRODUCT_HOME>/repository/conf/tomcat/catalina-server.xml file.
- Make a backup of the catalina-server.xml file and stop the Carbon server.
- Find the Connector configuration corresponding to TLS (usually, this connector has the port set to 9443 and the sslProtocol as TLS).
  - If you are using JDK 1.6, remove the sslProtocol="TLS" attribute from the configuration and replace it with sslEnabledProtocols="TLSv1" as shown below.

    ```xml
    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
               port="9443"
               bindOnInit="false"
               sslEnabledProtocols="TLSv1"
    ```
  - If you are using JDK 1.7, remove the sslProtocol="TLS" attribute from the above configuration and replace it with sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" as shown below.

    ```xml
    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
               port="9443"
               bindOnInit="false"
               sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
    ```
- Start the server.
Note: In some Carbon products, such as WSO2 ESB and WSO2 API Manager, pass-thru transports are enabled. Therefore, to disable SSL in such products, the axis2.xml file stored in the <PRODUCT_HOME>/repository/conf/axis2/ directory should also be configured.
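One way to check that the connector change described above was applied, as an added example that is not part of the WSO2 documentation: the script parses the contents of a catalina-server.xml and reports TLS connectors that still lack sslEnabledProtocols, still carry sslProtocol, or list an SSL protocol. The sample XML, port 9444 and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real WSO2 file: a plain HTTP connector, a TLS
# connector still in the default state, and one after the JDK 1.7 change.
SAMPLE = """<Server><Service name="Catalina">
  <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="9763"/>
  <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="9443"
             bindOnInit="false" scheme="https" secure="true" SSLEnabled="true"
             sslProtocol="TLS"/>
  <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="9444"
             bindOnInit="false" scheme="https" secure="true" SSLEnabled="true"
             sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"/>
</Service></Server>"""


def is_tls_connector(conn):
    """True when a Connector element is configured for HTTPS."""
    return (conn.get("SSLEnabled", "").lower() == "true"
            or conn.get("scheme", "").lower() == "https"
            or "sslProtocol" in conn.attrib
            or "sslEnabledProtocols" in conn.attrib)


def audit_connectors(xml_text):
    """Return (port, problem) tuples for TLS connectors that miss the change."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if not is_tls_connector(conn):
            continue
        port = conn.get("port", "?")
        enabled = conn.get("sslEnabledProtocols")
        if enabled is None:
            findings.append((port, "sslEnabledProtocols is not set"))
            continue
        if "sslProtocol" in conn.attrib:
            findings.append((port, "sslProtocol was not removed"))
        names = [p.strip() for p in enabled.split(",") if p.strip()]
        if not names:
            findings.append((port, "sslEnabledProtocols is empty"))
        for name in names:
            # Catches SSLv3 as well as SSLv2Hello.
            if name.upper().startswith("SSL"):
                findings.append((port, "SSL protocol listed: " + name))
    return findings


if __name__ == "__main__":
    for port, problem in audit_connectors(SAMPLE):
        print("port %s: %s" % (port, problem))
```

To audit a real installation, pass the contents of the backed-up or edited catalina-server.xml to audit_connectors instead of SAMPLE.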
...
From version 39.0 onwards, Firefox does not allow access to websites that support DHE with keys of less than 1023 bits (not just DHE_EXPORT). Keys of 768/1024 bits are considered too small and vulnerable to attacks if the hacker has enough computing resources.
Tip: To use AES-256, the Java JCE Unlimited Strength Jurisdiction Policy files need to be installed. Download them from http://www.oracle.com/technetwork/java/javase/downloads/index.html.

Tip: From Java 7, you must set the