| Tomcat has several remote communications channels. Examples are user requests via http/https, communication to a backend database, or communication to authenticate users. The encryption used to communicate must match the data that is being retrieved or presented.
The Tomcat <Connector> element controls the TLS protocol and the associated ciphers used. If a strong cipher is not selected, an attacker may be able to circumvent encryption protections that are configured for the connector. Strong ciphers must be employed when configuring a secured connector.
TLSv1.2 or TLSv1.3 ciphers are configured via the server.xml file on a per connector basis. For a list of approved ciphers, refer to NIST SP 800-52 section 220.127.116.11.
Satisfies: SRG-APP-000014-AS-000009, SRG-APP-000015-AS-000010, SRG-APP-000172-AS-000120, SRG-APP-000172-AS-000121, SRG-APP-000439-AS-000274 |