Configuring Supported Ciphers for Tomcat HTTPS Connections
Updated: 02 December 2022
Product: Jamf Pro
Due to a security vulnerability, cipher suites that use weak Diffie-Hellman key exchange algorithms are disabled in the Tomcat server.xml file installed with Jamf Pro 9.73 or later. When you upgrade from Jamf Pro 9.72 or earlier, the list of ciphers is not modified automatically, so you must manually replace the list of ciphers to remediate this known vulnerability.
This article provides step-by-step instructions for replacing the existing ciphers in the server.xml file with a list of recommended ciphers.
- Upgrades—The following procedure is required for upgrades from Jamf Pro 9.72 or earlier. Jamf Pro installers do not modify an existing server.xml file.
- New Installations—New installations of Jamf Pro 9.73 or later include the recommended ciphers by default. No further action is required unless you want to customize the list of supported ciphers, in which case, you can use the following procedure to specify a list of ciphers for HTTPS connections.
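As an added example (not part of the Jamf article or Jamf's tooling), the following Python script checks a server.xml for cipher suites that use finite-field Diffie-Hellman key exchange, which is useful before and after replacing the list. It assumes the `ciphers` attribute holds a comma-separated list of JSSE suite names and conservatively flags every `DHE_`/`DH_` suite; the sample XML is constructed.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Constructed sample for illustration; not a real Jamf Pro server.xml.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                        TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                        TLS_RSA_WITH_AES_128_CBC_SHA,
                        SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" />
  </Service>
</Server>"""

# Assumption: every finite-field DH key exchange (DHE_*, DH_*) is flagged.
# ECDHE_* and ECDH_* suites do not match this pattern.
FF_DH = re.compile(r"^(?:TLS|SSL)_DHE?_")


def audit_ciphers(server_xml_text):
    """Map connector port -> DH cipher suites found in any `ciphers` attribute."""
    findings = {}
    port = None
    for elem in ET.fromstring(server_xml_text).iter():
        if elem.tag == "Connector":
            port = elem.get("port")
        ciphers = elem.get("ciphers")
        if ciphers is None:
            continue
        # Attribute values may be wrapped across lines; split and trim each name.
        suites = [s.strip() for s in ciphers.split(",") if s.strip()]
        flagged = [s for s in suites if FF_DH.match(s)]
        if flagged:
            findings.setdefault(port, []).extend(flagged)
    return findings


if __name__ == "__main__":
    # Pass the path to server.xml as the first argument; default to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SERVER_XML
    result = audit_ciphers(text)
    for port, suites in result.items():
        for suite in suites:
            print(f"port {port}: {suite}")
    sys.exit(1 if result else 0)
```

The script exits non-zero when any flagged suite remains, so it can gate a post-upgrade check.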
Requirements
Jamf Pro 9.72 or earlier
Additional Information
For more information about Apache Tomcat HTTP Connectors, go to: