Our corporate security scans have identified that GlassFish v2.1 allows the following weak ciphers to be used:
SSL_RSA_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_DHE_RSA_WITH_DES_CBC_SHA
I searched for how to remove/disable these ciphers and have seen several people try with no luck. I have also tried to use the admin console to exclude them in the http-service SSL tab, and my SSL is broken afterwards as well.
Has anyone been able to successfully perform this change?
[Message sent by forum member 'geturnerlmco']
http://forums.java.net/jive/thread.jspa?messageID=484389