Cipher Suite to use for Apache/Tomcat


Required to be PCI, NIST or HIPAA compliant and wondering which cipher suites need to be used?

All of the ciphers listed are Forward Secrecy (FS) enabled and are highly recommended. They work with pretty much everything you could possibly run into at client sites. Not all of them are supported under Tomcat, but all are supported for Apache. If certain ones do not work for the product under Tomcat, it will just skip that cipher and go down the list until it finds one it does work with for connections.

For PCI use these

TLS 1.2 (suites in server-preferred order)

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA

TLS 1.1 (suites in server-preferred order)

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA

TLS 1.0 (suites in server-preferred order)

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA

For NIST/HIPAA compliance add

TLSv1.2

TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256

TLSv1.1

TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA

TLSv1.0

TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
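The lists above use IANA suite names, but Apache's SSLCipherSuite directive wants OpenSSL names, while Tomcat's Connector takes the IANA/JSSE names; the two lists also repeat several suites across the TLS 1.2, 1.1 and 1.0 sections. The script below is an added example (not the post author's, Apache's or Tomcat's code) that converts the post's suite names to OpenSSL spelling, drops the duplicates while keeping the server-preferred order, emits an Apache fragment and a Tomcat Connector fragment, and classifies each suite by key exchange so the static TLS_RSA suites in the NIST/HIPAA section stand out as the ones without forward secrecy. It assumes Tomcat 8.5 or later (which accepts IANA names in the `ciphers` attribute), and the keystore path and password in the Tomcat fragment are placeholders.

```python
"""Turn the IANA suite names from the post above into Apache and Tomcat settings.

Added example, not code from the post's author, Apache or Tomcat.  Assumptions:
  * Apache's SSLCipherSuite takes OpenSSL names (ECDHE-RSA-AES256-GCM-SHA384 ...).
  * Tomcat 8.5+ accepts IANA/JSSE names in the Connector 'ciphers' attribute.
The suite lists below are copied from the post and are the only input.
"""
import re

# Suites from the post, in server-preferred order (TLS 1.1/1.0 entries repeat 1.2 ones).
PCI_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    # TLS 1.1 and TLS 1.0 sections of the post
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
]
NIST_HIPAA_EXTRA = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
]

_SUITE_RE = re.compile(
    r"^TLS_(?P<kx>ECDHE_RSA|DHE_RSA|RSA)_WITH_"
    r"(?P<cipher>AES_128|AES_256|3DES_EDE)_(?P<mode>GCM|CBC)_(?P<mac>SHA256|SHA384|SHA)$"
)


def parse_suite(name):
    """Split an IANA suite name into key exchange, cipher, mode and MAC."""
    m = _SUITE_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised or unsupported suite name: {name}")
    d = m.groupdict()
    d["forward_secrecy"] = d["kx"] in ("ECDHE_RSA", "DHE_RSA")  # ephemeral key exchange
    d["aead"] = d["mode"] == "GCM"
    return d


def to_openssl(name):
    """IANA name -> OpenSSL name, e.g. TLS_DHE_RSA_WITH_AES_128_CBC_SHA -> DHE-RSA-AES128-SHA."""
    p = parse_suite(name)
    parts = []
    if p["kx"] != "RSA":                       # OpenSSL omits the kx for static RSA
        parts.append(p["kx"].replace("_", "-"))
    if p["cipher"] == "3DES_EDE":
        parts.append("DES-CBC3")               # OpenSSL's spelling of 3DES-EDE-CBC
    else:
        parts.append(p["cipher"].replace("_", ""))  # AES128 / AES256; CBC is implied
        if p["aead"]:
            parts.append("GCM")
    parts.append(p["mac"])
    return "-".join(parts)


def dedupe(items):
    """Keep the first occurrence of each item, preserving order."""
    return list(dict.fromkeys(items))


def apache_cipher_suite(suites):
    """Value for SSLCipherSuite: OpenSSL names, colon-separated, server order kept."""
    return ":".join(dedupe(to_openssl(s) for s in suites))


def tomcat_ciphers(suites):
    """Value for the Connector 'ciphers' attribute: IANA names, comma-separated."""
    return ",".join(dedupe(suites))


def classify(suites):
    """Which suites give forward secrecy and which rely on static RSA key transport."""
    unique = dedupe(suites)
    fs = [s for s in unique if parse_suite(s)["forward_secrecy"]]
    static = [s for s in unique if not parse_suite(s)["forward_secrecy"]]
    return {"forward_secrecy": fs, "static_rsa": static}


def apache_snippet(suites):
    return "\n".join([
        "SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2",  # the versions the post lists
        "SSLHonorCipherOrder on",                # enforce the server-preferred order
        f"SSLCipherSuite {apache_cipher_suite(suites)}",
    ])


def tomcat_snippet(suites):
    return "\n".join([
        '<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"',
        '           SSLEnabled="true" scheme="https" secure="true"',
        '           sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"',
        '           useServerCipherSuitesOrder="true"',
        f'           ciphers="{tomcat_ciphers(suites)}"',
        '           keystoreFile="conf/keystore.jks" keystorePass="changeit" />',  # placeholders
    ])


if __name__ == "__main__":
    everything = PCI_SUITES + NIST_HIPAA_EXTRA
    print("# Apache (PCI list)\n" + apache_snippet(PCI_SUITES))
    print("\n# Tomcat (PCI + NIST/HIPAA additions)\n" + tomcat_snippet(everything))
    c = classify(everything)
    print(f"\nforward secrecy: {len(c['forward_secrecy'])} suites; static RSA: {c['static_rsa']}")
```

Running it prints the two fragments plus a summary showing 12 forward-secrecy suites and the three static RSA suites (TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_3DES_EDE_CBC_SHA) that the NIST/HIPAA section adds. Both fragments pin the server-preferred order (SSLHonorCipherOrder on Apache, useServerCipherSuitesOrder on Tomcat), which is what makes the ordering in the post meaningful.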
