If you are using TLS (typically for HTTPS) you may want to remove some Cipher Suites.
You may be a little less compatible, but also a bit more secure. Things will be better when TLS 1.2 is implemented everywhere.
You can also claim to be FIPS 140 compliant: http://csrc.nist.gov/publications/nistpubs/800-52/SP800-52.pdf !
How to do it:
- From the command line: http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#Customization
- From code: http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLSocket.html#setEnabledCipherSuites(java.lang.String%5B%5D)
- Jetty: http://wiki.eclipse.org/Jetty/Howto/CipherSuites
- Tomcat: Look at the "ciphers" attribute in http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support
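
The "from code" option, as an added example that is not part of the original post: it filters the suites the JVM enables by default and passes the remainder to `SSLSocket.setEnabledCipherSuites`. The `WEAK_MARKERS` deny-list and the class name are assumptions chosen for illustration; adjust the list to your own policy.

```java
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

public class RestrictCipherSuites {
    // Illustrative deny-list (an assumption, not from the post): name fragments of
    // suites with no encryption, no authentication, export keys, RC4, single DES or MD5.
    private static final String[] WEAK_MARKERS = {
        "_NULL_", "_anon_", "_EXPORT_", "_RC4_", "_DES_", "_MD5"
    };

    static boolean isWeak(String suite) {
        for (String marker : WEAK_MARKERS) {
            if (suite.contains(marker)) {
                return true;
            }
        }
        return false;
    }

    // Keeps everything not on the deny-list, including the signalling value
    // TLS_EMPTY_RENEGOTIATION_INFO_SCSV, which is not a real cipher suite.
    static String[] filter(String[] suites) {
        List<String> kept = new ArrayList<String>();
        for (String suite : suites) {
            if (!isWeak(suite)) {
                kept.add(suite);
            }
        }
        return kept.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // An unconnected socket is enough to inspect and set the suite list offline.
        try (SSLSocket socket =
                 (SSLSocket) SSLContext.getDefault().getSocketFactory().createSocket()) {
            // Start from the enabled list: setEnabledCipherSuites throws
            // IllegalArgumentException for names the provider does not support.
            String[] strong = filter(socket.getEnabledCipherSuites());
            if (strong.length == 0) {
                throw new IllegalStateException("deny-list removed every cipher suite");
            }
            socket.setEnabledCipherSuites(strong);
            for (String suite : socket.getEnabledCipherSuites()) {
                System.out.println(suite);
            }
        }
    }
}
```

On the server side the same filtered array can be passed to `SSLServerSocket.setEnabledCipherSuites`.
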
If someone knows how to do it on the IBM J9 via configuration, I am interested.