Tomcat SSL Fails SSL-LABS Sacan

Posted by Wilmer on Server Fault See other posts from Server Fault or by Wilmer
Published on 2012-12-16T01:39:57Z Indexed on 2012/12/16 5:07 UTC
Read the original article Hit count: 142

Filed under:

ssl

|

tomcat

|

pci

I have installed an SSL for power2process.net but when i scan it with SSL-labs it ails for PCI compliancy: SSL_labs Scan

Here is the portion of my SSL Connector in the server.xml

Connector port="443" maxhttpheadersize="8192" address="127.0.0.1" enablelookups="false"
protocol="org.apache.coyote.http11.Http11Protocol"
disableUploadTimeout="true" acceptCount="100"
slProtocol="SSLv3+TLSv1"
ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"

   maxThreads="150" connectionTimeout="20000"
   SSLEnabled="true" scheme="https" secure="true"
   keystoreFile="/export/home/webadm/tomcat/conf/.keystore"
   keystorePass="*******"
   clientAuth="true"
   URIEncoding="UTF-8" compression="on"/>

the JRE version is "1.6.0_10"

© Server Fault or respective owner

Related posts about ssl

Plesk SSL Certificate (Default cert when SSL enabled, CORRECT cert when SSL is disabled)

as seen on Server Fault - Search for 'Server Fault'
I'm running Plesk 8.6.0: I have an SSL cert installed through Plesk's admin interface. But I have a bit of an issue: When I enabled SSL for the site, and selected my cert, then restart httpd, Plesk defaults to using my self-signed default certificate. Conversely, when I disable SSL support for the… >>> More
apache renew ssl not working [on hold]

as seen on Server Fault - Search for 'Server Fault'
Downloaded a new ssl cert from go daddy and installed the cert on apache2 server put the cert in /etc/ssl/certs/ folder put the gd_bundle.crt in the /etc/ssl/ folder private key is in /etc/ssl/private/private.key I just replaced the original files with the new files, did not replace the private… >>> More
Cant connect to mysql using self signed SSL certificate

as seen on Server Fault - Search for 'Server Fault'
After creating a self-signed SSL certificate, I have configured my remote mysqld to use them (and ssl is enabled) I ssh into my remote server, and try connecting to its own mysqld using ssl (mysql server is 5.5.25).. ~> mysql -u <user> -p --ssl=1 --ssl-cert=client.cert --ssl-key=client… >>> More
How to log invalid client SSL certificate in SSL

as seen on Server Fault - Search for 'Server Fault'
I have a IIS web site which requires client certificate. I have turned off CRL checking. The client is unable to access the web site - he gets 403.17 (certificate expired) error. I would like to log the certificate he is using, becaue I think he is using the wrong certificate. Is there a way to… >>> More
Mixing SSL and non-SSL content in an Apache2 virtual host

as seen on Server Fault - Search for 'Server Fault'
I have a (hopefully) common scenario for one of my sites that I just can't seem to figure out how to deploy correctly. I have the following site and directories for example.com: These need to require SSL: /var/www/example.com/admin /var/www/example.com/order These need to be non-SSL: /var/www/example… >>> More

Related posts about tomcat

SSL in tomcat with apr and Centos 6

as seen on Super User - Search for 'Super User'
I'm facing a problem setting up my tomcat with apr native lib, I have the following: Tomcat: 7.0.42 Java: 1.7.0_40-b43 OS: Centos 6.4 (2.6.32-358.18.1.el6.i686) APR: 1.3.9 Native lib: 1.1.27 OpenSSL: openssl-1.0.0-27.el6_4.2.i686 My server.xml looks like: ... <Listener className="org.apache… >>> More
Apache+Tomcat VS Stand Alone Tomcat or GlassFish

as seen on Server Fault - Search for 'Server Fault'
Hi, I am setting up a Debian server to serve Java web applications. I have done quite a bit of research for several weeks now. Tomcat's web site says it is better to use stand alone Tomcat for speed if you are not clustering. However, I have seen many people suggest that using Apache + Tomcat… >>> More
Tomcat - How to limit the maximum memory Tomcat will use

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi Guys, I am running Tomcat on a small VPS (256MB/512MB) and I want to explicitly limit the amount of memory Tomcat uses. I understand that I can configure this somehow by passing in the java maximum heap and initial heap size arguments; -Xmx256m -Xms128m But I can't find where to put this… >>> More
Tomcat 4.1.X and Tomcat 5.0.X

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a problem about tomcat, Our application designed on Tomcat 4.1.X and When I restart Tomcat 4.1.X there is no problem. But I upgrade it to Tomcat 5.0.X. Now ,when I restart Tomcat 5.0.X session is down and application redirect me to login page. Any idea? >>> More
Restarting Tomcat from Tomcat itself

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello, is it possible to restart Tomcat6 by executing a JSP? This because I would like to deploy the changes of an application by doing it remotely using the webserver. The deploy script is written in bash and it checkouts the latest version from the svn, then package it as a war, then copy it in… >>> More