Hi All, I am using Tomcat 4.1.30 stand-alone with j2re1.4.2_04 to serve HTTPS connections. I would like to disable the support for low encryption ciphers like SSL_RSA_EXPORT_WITH_RC4_40_MD5. I have seen from the following page that these are the supported ciphers:
http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html I would only like to maintain support for Medium and High encryption ciphers which range with a strength of => 128. I looked at the attributes that Tomcat 4.1 uses and it doesn't have the "cipher" attribute which I could use to force the encryption suite to use. I am not looking to upgrade my Tomcat anytime soon. Any ideas would be greatly appreciated. Feel free to correct me if I am also taking the wrong way of solving this problem. Main goal here is to disable the support for any Low Encryption on the Tomcat server. This is for added security. Regards, reyus1