13.5.3 Forcing 128-Bit Encryption

All client communication with Identity Server currently uses 128-bit encryption. If the browser cannot negotiate a 128-bit cipher suite, the user is not allowed to authenticate. You control which suites are offered by adding or removing the ciphers listed in Identity Server's server.xml file.

  1. Modify Identity Server’s server.xml file.

    For information about how to modify a file, see Modifying Configurations.

  2. Search for the ciphers attribute in the <Connector> element and then modify the list of ciphers based on your needs. The following is an example configuration to enable 128-bit encryption:

    ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_RC4_128_SHA"

    This is a comma-separated list of the JSSE names for the TLS cipher suites (the Java names, not the OpenSSL-style names such as AES128-SHA).

    IMPORTANT: If any cipher name is mistyped, Tomcat silently reverts to its default list, which allows weak ciphers. Verify every name against the SunJSSE list before you restart Tomcat.

    The two RC4 suites at the head of the example list are the SSL-era suites. If you remove them and later need to allow clients that only support those suites, the following JSSE names can be added back to the list:

    • SSL_RSA_WITH_RC4_128_MD5
    • SSL_RSA_WITH_RC4_128_SHA

    Note that RC4 and 3DES both carry "128" or "3DES" in the suite name but are no longer considered strong: RC4 is prohibited for TLS by RFC 7465 and current browsers do not offer it, and 3DES uses a 64-bit block. Keep them only for the duration that a legacy client actually requires them.

    For a complete list of supported cipher suites and their requirements, see The SunJSSE Provider.
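Because a mistyped suite name silently reverts Tomcat to its default list, it is worth checking the attribute before restarting. The following Python script is an added example, not part of the Identity Server documentation or product: it reads server.xml, classifies each token of the ciphers attribute, and reports unknown names (the typo case above) as well as RC4, 3DES and MD5 suites that do not belong in a 128-bit-only policy. The known-suite set is built from the names on this page plus three AES-GCM names from the SunJSSE provider, which are assumed to exist on the JDK under Identity Server's Tomcat; the server.xml it parses by default is a constructed sample with one underscore deliberately dropped.

```python
"""Sanity-check the ciphers attribute of a Tomcat server.xml before restarting.

Added example; not part of the Identity Server documentation or product.
"""
import re
import sys
import xml.etree.ElementTree as ET

KNOWN_JSSE_SUITES = {
    # names from the documentation's example list
    "SSL_RSA_WITH_RC4_128_MD5",
    "SSL_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
    "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
    "TLS_KRB5_WITH_RC4_128_SHA",
    # AES-GCM names from the SunJSSE provider (JDK 8 and later; assumed
    # available on the JDK in use - extend from the SunJSSE list for your JDK)
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
}

# Substrings that mark a suite as unsuitable for a 128-bit-only policy.
WEAK_MARKERS = ("RC4", "3DES", "MD5", "NULL", "EXPORT", "anon")

# Shape of a JSSE suite name; anything else is certainly a typo.
SUITE_NAME = re.compile(r"^(SSL|TLS)_[A-Za-z0-9_]+_WITH_[A-Za-z0-9_]+$")


def check_cipher_list(value):
    """Classify each token of a ciphers="" value.

    Returns {"unknown": [...], "weak": [...], "accepted": [...]} with the
    attribute's order preserved; duplicate tokens are counted once.
    """
    result = {"unknown": [], "weak": [], "accepted": []}
    seen = set()
    for tok in (t.strip() for t in value.split(",")):
        if not tok or tok in seen:
            continue
        seen.add(tok)
        if not SUITE_NAME.match(tok) or tok not in KNOWN_JSSE_SUITES:
            result["unknown"].append(tok)      # Tomcat would fall back to defaults
        elif any(marker in tok for marker in WEAK_MARKERS):
            result["weak"].append(tok)
        else:
            result["accepted"].append(tok)
    return result


def check_server_xml(xml_text):
    """Return {port-or-host: classification} for every <Connector> (and, in
    the Tomcat 8.5+ layout, <SSLHostConfig>) that carries a ciphers attribute."""
    findings = {}
    for elem in ET.fromstring(xml_text).iter():
        if elem.tag in ("Connector", "SSLHostConfig") and "ciphers" in elem.attrib:
            key = elem.get("port") or elem.get("hostName") or elem.tag
            findings[key] = check_cipher_list(elem.get("ciphers"))
    return findings


def policy_ok(findings):
    """True only if no checked element has an unknown or a weak suite."""
    return all(not f["unknown"] and not f["weak"] for f in findings.values())


# Constructed sample: the page's list on the TLS connector, with one
# underscore dropped from TLS_RSA_WITH_AES_128_CBC_SHA to simulate a typo.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" sslProtocol="TLS"
               ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
                        TLS_RSA_WITH_AES128_CBC_SHA,
                        TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                        TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
                        SSL_RSA_WITH_3DES_EDE_CBC_SHA,
                        SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
                        SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
                        TLS_KRB5_WITH_3DES_EDE_CBC_SHA,
                        TLS_KRB5_WITH_RC4_128_SHA"/>
  </Service>
</Server>
"""

if __name__ == "__main__":
    # Usage: python check_ciphers.py [/path/to/server.xml]
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            findings = check_server_xml(fh.read())
    else:
        findings = check_server_xml(SAMPLE_SERVER_XML)
    for key, f in findings.items():
        print("connector %s:" % key)
        for kind in ("unknown", "weak", "accepted"):
            for suite in f[kind]:
                print("  %-8s %s" % (kind, suite))
    print("safe to restart" if policy_ok(findings) else "fix the list before restarting")
```

Run it against the real file with the path as the only argument; the sample run reports TLS_RSA_WITH_AES128_CBC_SHA as unknown and seven RC4/3DES suites as weak, so policy_ok() is false and the list should be corrected before the restart in step 3.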

Preventing Automatically Changing the Session ID

Rotating the session ID at authentication is a standard defense against session fixation, so leave this property at its default unless an integration depends on a stable session ID.

  1. Click Devices > Identity Servers > Edit > Options > New.

  2. Set the RENAME SESSION ID property to false.

  3. Restart Tomcat on each Identity Server in the cluster.