Continuing our tradition from last year (see here and here), we have summarized more of our hardening recommendations for you. This guide covers Tomcat 7 and is intended to provide a solid base of hardening measures. It includes configuration examples and all necessary commands for each control, specifically for the most recent branch of Tomcat, as there were some significant changes. Download: ERNW_Checklist_Tomcat7_Hardening.pdf
Have a good one,
Regarding the SSL configuration, you may want to disable RC4 and enable the ciphers that support perfect forward secrecy, e.g. ECDHE and DHE.
Also, it might be worth disabling compression on the connector with: ssldisablecompression="true" to defend against CRIME.
The above cribbed from: https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.3.pdf
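To make the comment's recommendations concrete, here is an added example (not from the ERNW checklist and not the commenter's code) of a Tomcat 7 server.xml HTTPS connector in its permissive default form beside a hardened one, plus the APR/native variant that carries the CRIME mitigation. Keystore and certificate paths, the password and the port are placeholders; the JSSE suite names assume a Java 7 runtime, and the APR attributes assume a Tomcat 7 build with a tcnative library recent enough to support them.

```xml
<!-- Tomcat 7 conf/server.xml: HTTPS connectors (example, placeholders marked) -->

<!-- Permissive: only sslProtocol="TLS" is set, so the JVM's default suite list
     (which includes RC4 and non-PFS RSA key exchange) is negotiable. -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           keystoreFile="conf/keystore.jks" keystorePass="CHANGEME"
           sslProtocol="TLS" />

<!-- Hardened JSSE (BIO/NIO) connector: TLS-only protocol list and an explicit
     cipher list restricted to ECDHE/DHE suites, so RC4 is never offered. -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           keystoreFile="conf/keystore.jks" keystorePass="CHANGEME"
           sslProtocol="TLS"
           sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
           ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA" />

<!-- Hardened APR/native connector: OpenSSL-style cipher string that excludes
     RC4, server-side cipher preference, and TLS compression disabled (CRIME).
     Attribute names follow the Tomcat 7 APR connector reference and are
     case-sensitive. -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           SSLCertificateFile="conf/server.crt"
           SSLCertificateKeyFile="conf/server.key"
           SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
           SSLCipherSuite="ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:!RC4:!aNULL:!MD5"
           SSLHonorCipherOrder="true"
           SSLDisableCompression="true" />
```

After restarting Tomcat, confirm the result with an external scanner such as the SSL Labs test linked above rather than trusting the configuration file alone, since an older JVM or tcnative build silently ignores suites it does not support.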
Thank you very much for the comment! The document was composed in the course of a specific question set which required this particular SSL configuration. However, we will incorporate your comments in the next version, as this should be a generic hardening guide.
Thanks & have a good one,