Cipher Suite to use for Apache/Tomcat

Need to be PCI, NIST or HIPAA compliant and wondering which cipher suites to use?

All of the ciphers listed are Forward Secrecy (FS) enabled and are highly recommended. They work with pretty much everything you could possibly run into at client sites. Not all of them are supported under Tomcat, but all are supported for Apache. If a cipher does not work for the product under Tomcat, Tomcat skips it and goes down the list until it finds one it can use for the connection.

For PCI, use these:

TLS 1.2 (suites in server-preferred order)

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA


TLS 1.1 (suites in server-preferred order)

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA


TLS 1.0 (suites in server-preferred order)

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA


For NIST/HIPAA compliance, add:

TLSv1.2

TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256

TLSv1.1

TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA

TLSv1.0

TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
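
The lists above use IANA (JSSE) suite names, which Tomcat's JSSE connector accepts in its `ciphers` attribute, while Apache's `SSLCipherSuite` expects OpenSSL names. The following is an added example, not part of the original page: it translates the listed suites and emits both settings. The function and variable names are illustrative, and the translation rule covers only the suite families listed here.

```python
# Added example, not from the original page: translate the suite names listed
# above (IANA/JSSE form) to OpenSSL form and emit Apache and Tomcat settings.
PCI = """
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384   TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256   TLS_DHE_RSA_WITH_AES_128_CBC_SHA
""".split()  # server-preferred order, as listed for TLS 1.2
NIST_HIPAA_EXTRA = """
TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_3DES_EDE_CBC_SHA
""".split()

def to_openssl(iana):
    """IANA name -> OpenSSL name. Handles only the suite families on this page."""
    kx, sep, rest = iana.partition("_WITH_")
    if not sep or kx not in ("TLS_ECDHE_RSA", "TLS_DHE_RSA", "TLS_RSA"):
        raise ValueError("unsupported suite name: " + iana)
    parts = rest.split("_")
    if parts == ["3DES", "EDE", "CBC", "SHA"]:
        cipher = ["DES", "CBC3", "SHA"]
    elif len(parts) == 4 and parts[0] == "AES" and parts[2] in ("CBC", "GCM"):
        mode = [] if parts[2] == "CBC" else ["GCM"]   # OpenSSL drops "CBC"
        cipher = ["AES" + parts[1]] + mode + [parts[3]]
    else:
        raise ValueError("unsupported suite name: " + iana)
    # Plain RSA key exchange has no prefix in OpenSSL names.
    prefix = [] if kx == "TLS_RSA" else [kx[4:].replace("_", "-")]
    return "-".join(prefix + cipher)

def apache_directives(suites):
    """mod_ssl: colon-separated OpenSSL names, server order enforced."""
    names = ":".join(to_openssl(s) for s in suites)
    return "SSLHonorCipherOrder on\nSSLCipherSuite " + names

def tomcat_ciphers_attr(suites):
    """Tomcat JSSE connector: comma-separated IANA/JSSE names, unchanged."""
    return 'ciphers="' + ",".join(suites) + '"'

if __name__ == "__main__":
    for label, suites in (("PCI", PCI), ("PCI + NIST/HIPAA", PCI + NIST_HIPAA_EXTRA)):
        print("# " + label)
        print(apache_directives(suites))
        print(tomcat_ciphers_attr(suites))
```

A name outside the listed families (for example a TLS 1.3 suite name) raises `ValueError` instead of producing a guessed OpenSSL name.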

Last update: 2017-05-05 01:29