July 2018
M T W T F S S
« Jun    
 1
2345678
9101112131415
16171819202122
23242526272829
3031  

Categories

WordPress Quotes

Life shrinks or expands in proportion to one's courage.
Anais Nin

Recent Comments

July 2018
M T W T F S S
« Jun    
 1
2345678
9101112131415
16171819202122
23242526272829
3031  

Short Cuts

2012 SERVER (64)
2016 windows (9)
AIX (13)
Amazon (30)
Ansibile (18)
Apache (125)
Asterisk (2)
cassandra (2)
Centos (208)
Centos RHEL 7 (254)
chef (3)
cloud (2)
cluster (3)
Coherence (1)
DB2 (5)
DISK (25)
DNS (9)
Docker (24)
Eassy (11)
EXCHANGE (3)
Fedora (6)
ftp (5)
GIT (3)
GOD (2)
Grub (1)
Hacking (10)
Hadoop (6)
horoscope (23)
Hyper-V (10)
IIS (15)
IPTABLES (15)
JAVA (6)
JBOSS (32)
jenkins (1)
Kubernetes (2)
Ldap (5)
Linux (189)
Linux Commands (167)
Load balancer (5)
mariadb (14)
Mongodb (4)
MQ Server (21)
MYSQL (82)
Nagios (5)
NaturalOil (13)
Nginx (29)
Ngix (1)
openldap (1)
Openstack (6)
Oracle (34)
Perl (3)
Postfix (19)
Postgresql (1)
PowerShell (2)
Python (3)
qmail (36)
Redis (12)
RHCE (28)
SCALEIO (1)
Security on Centos (29)
SFTP (1)
Shell (64)
Solaris (58)
Sql Server 2012 (4)
squid (3)
SSH (10)
SSL (14)
Storage (1)
swap (3)
TIPS on Linux (28)
tomcat (59)
Uncategorized (29)
Veritas (2)
vfabric (1)
VMware (28)
Weblogic (38)
Websphere (71)
Windows (19)
Windows Software (2)
wordpress (1)
ZIMBRA (17)

WP Cumulus Flash tag cloud by Roy Tanck requires Flash Player 9 or better.

Who's Online

25 visitors online now
5 guests, 20 bots, 0 members

Hit Counter provided by dental implants orange county

SSL 64-bit Block Size Cipher Suites Supported (SWEET32) – Tomcat

Following on from the Windows vulnerability for SWEET32, Here’s how to resolve the same issue with Tomcat 8. This use the OpenSSL format string for ciphers, so can also be applied to anything using the same cipher list.

ciphers=”HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!ECDHE-RSA-DES-CBC3-SHA”
Simply by adding the !ECDHE-RSA-DES-CBC3-SHA to your existing : delimited cipher list disables the cipher on the server. The prefix ! means NOT – which disables the cipher.

Alternatively you can simply disable all ciphers using triple DES using !3DES.

When you encounter some other cipher vulnerability listed in you Nessus scan just copy the cipher name into the list prefixed with !. Be wary that some of your connecting applications may not like this. So keep a log of what you added so you can rollback.

To use the AES 256 bit ciphers, it is necessary to install the JCE Unlimited Strength Jurisdiction Policy Files.

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

  

  

  

Blue Captcha Image
Refresh

*

Protected by WP Anti Spam