Because SSL 3.0 has known vulnerabilities, use TLSv1.2 wherever possible.
Vulnerability impact:
The HTTPS secure transmission channel cannot be trusted.
Repair suggestion:
Do not enable SSL 3.0. Unless older clients must be supported, enable only TLS 1.2 and disable all other protocols.
Enable TLS 1.2 support
Solution:
Tomcat's server.xml:
SSLEnabled="true"
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"
Note: TLS 1.2 requires JDK 7, and Tomcat 7.0.56 (65?) disables only SSL 3.0 by default.
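To check that a server.xml actually follows the advice above, the following added example (not from the original note) audits every connector with SSLEnabled="true" for its sslEnabledProtocols value. The function name audit_connectors and the sample server.xml are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real deployment: one plain HTTP connector
# and three HTTPS connectors with different protocol settings.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true"
               sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"/>
    <Connector port="9443" SSLEnabled="true"
               sslEnabledProtocols="SSLv3, TLSv1"/>
    <Connector port="10443" SSLEnabled="true"/>
  </Service>
</Server>
"""

def audit_connectors(xml_text):
    """Return {port: [findings]} for every connector with SSLEnabled="true"."""
    report = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "").strip().lower() != "true":
            continue  # not an HTTPS connector
        findings = []
        raw = conn.get("sslEnabledProtocols")
        if raw is None:
            # Without an explicit list the result depends on Tomcat/JDK defaults.
            findings.append("sslEnabledProtocols not set: protocols depend on defaults")
        else:
            protocols = {p.strip().lower() for p in raw.split(",") if p.strip()}
            if "sslv3" in protocols:
                findings.append("SSLv3 enabled: remove it")
            if "tlsv1.2" not in protocols:
                findings.append("TLSv1.2 not enabled")
            legacy = sorted(protocols & {"tlsv1", "tlsv1.1"})
            if legacy:
                findings.append("older protocols kept for old clients: " + ",".join(legacy))
        report[conn.get("port", "?")] = findings
    return report

if __name__ == "__main__":
    for port, findings in audit_connectors(SAMPLE_SERVER_XML).items():
        print(port, findings or ["ok"])
```

An empty findings list means the connector enables TLSv1.2 only.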
Appendix: refer to http://blog.csdn.net/jackpk/article/details/47979643
Please also refer to http://www.freebuf.com/articles/network/62442.html
Free SSL robustness test website: https://www.ssllabs.com/ssltest/index.html