Tomcat Prerequisites
How to Disable Weak Ciphers
To disable weak ciphers, modify the SSL Connector container attribute inside the server.xml file with the required https connector tag details. The server.xml file is located in the <Install_Drive>\tomcat\conf folder.
Add the following sample details to the SSL connector tag:
SSLEnabled="true" sslEnabledProtocols="TLSv1.2" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
For example, the following is a sample modified https connector tag:
<Connector port="443" maxHttpHeaderSize="8192" address="127.0.0.1" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" SSLEnabled="true" sslEnabledProtocols="TLSv1.2" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA" keystoreFile="mydomain.key" keystorePass="password" truststoreFile="mytruststore.truststore" truststorePass="password"/>
NOTE: Upgrade the SSL Cipher list to the latest available versions.
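The sample list above still contains two RC4 suites, and RFC 7465 prohibits RC4 in TLS, so it is worth auditing a connector before deploying it. The following is an added example, not part of the product documentation: it reads a server.xml and reports weak protocols and cipher suites on each SSL-enabled connector. The weak-token policy, the function names and the embedded sample are assumptions of this example, and it expects comma-separated JSSE suite names as used on this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed server.xml using connector attributes from this page.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="443" scheme="https" secure="true" SSLEnabled="true"
    sslEnabledProtocols="TLSv1.2"
    ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"/>
</Service></Server>"""

# Assumed policy: a suite is weak if any underscore-separated part of its name is listed here.
WEAK_TOKENS = {"RC4", "3DES", "DES", "DES40", "NULL", "EXPORT", "MD5", "anon"}
WEAK_PROTOCOLS = {"SSLv2", "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}


def _split(value):
    """Split a comma-separated attribute, tolerating spaces and a missing attribute."""
    return [v.strip() for v in (value or "").split(",") if v.strip()]


def is_weak_suite(name):
    """True if the JSSE suite name contains a weak algorithm token."""
    return any(tok in WEAK_TOKENS for tok in name.split("_"))


def audit_connectors(server_xml):
    """Return {port: [findings]} for every connector with SSLEnabled="true"."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue  # plain HTTP/AJP connectors carry no TLS settings
        protocols = _split(conn.get("sslEnabledProtocols"))
        ciphers = _split(conn.get("ciphers"))
        findings = []
        if not protocols:
            findings.append("sslEnabledProtocols not set: defaults apply")
        if not ciphers:
            findings.append("ciphers not set: defaults apply")
        findings += ["weak protocol: " + p for p in protocols if p in WEAK_PROTOCOLS]
        findings += ["weak cipher: " + c for c in ciphers if is_weak_suite(c)]
        report[conn.get("port")] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit_connectors(SAMPLE_SERVER_XML).items():
        print(port, findings or "OK")
```

To audit a real installation, pass the contents of the server.xml file from the tomcat\conf folder to audit_connectors instead of the embedded sample.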
Heap and PermGen Settings
For Oracle Java 7 and Java 8, configure the heap settings for your application servers. In case of Oracle Java 7, you also need to configure PermGen settings.
By default, the heap settings allocated for Tomcat are Min -Xms1024m / Max -Xmx2048m, and the default permgen settings are: -XX:PermSize=1024m -XX:MaxPermSize=1024m
For better performance in case of several publishes, update the following heap and permgen settings in the file: {Installation directory}/tomcat/bin/catalina.bat
- heap settings: Min -Xms1024m / Max -Xmx1024m.
IMPORTANT: While installing Quantum Fabric Components including Integration services, set the heap settings to: Min -Xms2048m / Max -Xmx2048m
- permgen settings: -XX:PermSize=1024m -XX:MaxPermSize=2048m
NOTE: From V8 SP4 FP1 HF1 onwards, Java 11 is supported for bundled Tomcat and JBoss servers.