AnsweredAssumed Answered

Query regarding SSL Test Tool

Question asked by Shah on Dec 26, 2012
Latest reply on Jan 7, 2013 by Ivan Ristić



When I test my domain in SSLTest Tool, under "Cipher Suites (sorted by strength; server has no preference)" category, it is showing me many ciphers with status (Weak or INSECURE) with other details.


I want to know how it detect these ciphers. My application is deployed in Tomcat 7.0.26 and I haven't configured any such ciphers in Tomcat in Server.xml file.


For testing purpose, I changed ciphers in Server.xml in below tag.


     <Connector port="443" scheme="https





But no effect of updated ciphers list in Tool. So from where tool get these ciphers list?

Tool shows Ciphers Strength 60% and over rating F (0). So how can I disable weak ciphers in this?


Any kind of help would be appreciated?


Thanks in Advance.