I want to quickly verify for a Tomcat 6 server (and higher) that it's not providing any weak cipher suites.
(1) (How) can this be done remotely?
(2) How can this be done locally, on a Linux (Ubuntu) server?
Asked
Active
Viewed 1,107 times
0
-
1) You need to create a service on your own. Why should a server expose this info? 2) http://stackoverflow.com/questions/9333504/how-can-i-list-the-available-cipher-algorithms – Stefan Mar 02 '16 at 09:12
-
Unless you've reconfigured, the enabled ciphers are those of the JDK, which can be determined from the Security section of its Javadoc. You can't determine that remotely without custom SSL software, but a visit to ssllabs.com will tell you. – user207421 Mar 02 '16 at 09:29
-
Voted to close. While I was hoping for a Tomcat-specific solution, it might be better to consider more general solutions, as given at: http://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers – mstrap Mar 02 '16 at 09:44