This is from an installation ant script that I use to install glassfish on a production server:
<executefile name="$INSTALL_PATH/glassfish/bin/asadmin.bat">
<arg>set</arg>
<arg>server.http-service.http-listener.http-listener-1.property.cometSupport=true</arg>
<arg>server.log-service.module-log-levels.jms=WARNING</arg>
<arg>server.http-service.property.traceEnabled=false</arg>
<arg>server.http-service.http-listener.http-listener-2.ssl.ssl3-tls-ciphers=+SSL_RSA_WITH_RC4_128_MD5,+SSL_RSA_WITH_RC4_128_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+SSL_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_DSS_WITH_AES_128_CBC_SHA,+SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,+SSL_RSA_WITH_DES_CBC_SHA,+SSL_DHE_RSA_WITH_DES_CBC_SHA,+SSL_DHE_DSS_WITH_DES_CBC_SHA</arg>
<arg>server.admin-service.jmx-connector.system.ssl.ssl3-tls-ciphers=+SSL_RSA_WITH_RC4_128_MD5,+SSL_RSA_WITH_RC4_128_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+SSL_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_DSS_WITH_AES_128_CBC_SHA,+SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,+SSL_RSA_WITH_DES_CBC_SHA,+SSL_DHE_RSA_WITH_DES_CBC_SHA,+SSL_DHE_DSS_WITH_DES_CBC_SHA</arg>
</executefile>
This sets the ciphers to only those that I want, leaving out the weak ones.
Brett
[Message sent by forum member 'bbergquist' (bbergquist_at_canoga.com)]
http://forums.java.net/jive/thread.jspa?messageID=368635