Prerequisites for Tomcat

Disable Weak Ciphers

To disable weak ciphers, modify the attributes of the SSL Connector element in the server.xml file with the required HTTPS connector details. The server.xml file is located in the <Install_Drive>\tomcat\conf folder.

Add the following sample details to the SSL connector tag:



SSLEnabled="true" sslEnabledProtocols="TLSv1.2" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"

For example, the following is a sample modified HTTPS connector tag:



<Connector port="443" maxHttpHeaderSize="8192" address="127.0.0.1" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" SSLEnabled="true" sslEnabledProtocols="TLSv1.2" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA" keystoreFile="mydomain.key" keystorePass="password" truststoreFile="mytruststore.truststore" truststorePass="password"/>

NOTE: Upgrade the SSL Cipher list to the latest available versions.
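
The audit below is an added example, not part of the product documentation: it reads the SSL-enabled Connector entries from a server.xml and reports the protocol versions and cipher suites that should not stay in the list, which is one way to act on the NOTE above. The function names and the embedded sample (this page's cipher list, with the keystore attributes omitted) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: this page's connector, reduced to the attributes the audit reads.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="443" scheme="https" secure="true" SSLEnabled="true" sslEnabledProtocols="TLSv1.2"
    ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"/>
</Service></Server>"""

# Substring of the JSSE cipher-suite name -> why the suite is weak.
WEAK_MARKERS = {
    "_RC4_": "RC4 (prohibited in TLS by RFC 7465)",
    "_3DES_": "3DES (64-bit block cipher)",
    "_DES_": "single DES",
    "_NULL_": "no encryption",
    "_EXPORT_": "export-grade key size",
    "_anon_": "unauthenticated key exchange",
    "_MD5": "MD5 MAC",
}
OK_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}

def _items(value):
    """Split a comma-separated attribute value, dropping blanks and padding."""
    return [v.strip() for v in value.split(",") if v.strip()]

def audit_suite(name):
    """Return the findings for one cipher-suite name (empty list = nothing flagged)."""
    findings = [why for marker, why in WEAK_MARKERS.items() if marker in name]
    if name.startswith(("TLS_RSA_", "SSL_RSA_")):
        findings.append("static RSA key exchange (no forward secrecy)")
    return findings

def audit_server_xml(xml_text):
    """Map 'port/item' -> findings for every SSL-enabled Connector in the file."""
    report = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP or AJP connector: no TLS settings to audit
        port = conn.get("port", "?")
        for proto in _items(conn.get("sslEnabledProtocols", "")):
            if proto not in OK_PROTOCOLS:
                report[f"{port}/{proto}"] = ["legacy protocol version"]
        for suite in _items(conn.get("ciphers", "")):
            if audit_suite(suite):
                report[f"{port}/{suite}"] = audit_suite(suite)
    return report

if __name__ == "__main__":
    for item, why in audit_server_xml(SAMPLE_SERVER_XML).items():
        print(item, "->", "; ".join(why))
```

Run against the sample list, the audit reports both RC4 suites and the four static-RSA AES suites; the four ECDHE AES suites are not flagged.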

Heap and PermGen Settings

For Oracle Java 11, configure the heap settings for your application servers.

By default, the heap settings allocated for Tomcat are Min -Xms1024m / Max -Xmx2048m, and the default permgen settings are: -XX:PermSize=1024m -XX:MaxPermSize=1024m

For better performance in case of several publishes, update the following heap and permgen settings in the file: {Installation directory}/tomcat/bin/catalina.sh

  • heap settings: Min -Xms1024m / Max -Xmx1024m.

    IMPORTANT: While installing Quantum Fabric Components including Integration services, set the heap settings to: Min -Xms2048m / Max -Xmx2048m.

  • permgen settings: -XX:PermSize=1024m -XX:MaxPermSize=2048m