The list of ciphers for the connector can be adjusted according to your corporate security policy. For information about configuring the SSL connector for the Tomcat Server, see Configuring the SSL Connector for Tomcat Server.
The following table lists the ciphers that are considered reasonably secure at this time:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521 |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256 |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384 |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521 |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256 |
TLS_RSA_WITH_AES_256_GCM_SHA384 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384 |
TLS_RSA_WITH_AES_128_GCM_SHA256 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521 |
TLS_RSA_WITH_AES_256_CBC_SHA256 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256 |
TLS_RSA_WITH_AES_256_CBC_SHA |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384 |
TLS_RSA_WITH_AES_128_CBC_SHA256 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521 |
TLS_RSA_WITH_AES_128_CBC_SHA |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256 |
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384 |