Linux: /opt/novell/nam/idp/conf
Windows Server 2012: \Program Files (x86)\Novell\Tomcat\conf
<Connector NIDP_Name="connector" SSLEnabled="true" URIEncoding="utf-8" acceptCount="100" address="10.0.0.0" ciphers="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" clientAuth="false" disableUploadTimeout="true" enableLookups="false" keystoreFile="/opt/novell/devman/jcc/certs/idp/connector.keystore" keystorePass="xxxxxxxxxxxxxxx" maxThreads="600" minSpareThreads="5" port="8443" scheme="https" secure="true" sslImplementationName="com.example.nidp.common.util.net.server.NIDPSSLImplementation" useServerCipherSuitesOrder="true" sslProtocol="TLSv1.2"sslEnabledProtocols="SSLv2Hello,TLSv1,TLSv1.1,TLSv1.2" />
For information about connector attributes, see Apache Tomcat Configuration Reference.
Linux: /opt/novell/nam/idp/conf
Windows Server 2012: \Program Files (x86)\Novell\Tomcat\conf
<filter>
<filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter
</filter-class>
<async-supported>true</async-supported>
</filter>
<init-param>
<param-name>hstsMaxAgeSeconds</param-name>
<param-value>31536000</param-value>
</init-param>
<filter-mapping>
<filter-name>httpHeaderSecurity</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping><filter>
<filter-name>TomcatSameOriginFilter</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter
</filter-class>
<init-param>
<param-name>antiClickJackingOption</param-name>
<param-value>SAMEORIGIN</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>TomcatSameOriginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
NOTE:You can add these filters at any location in the web.xml as long as it is not within any existing tag.
Linux:
/opt/novell/nam/idp/conf/tomcat.conf
JAVA_OPTS="${JAVA_OPTS} -Dsun.security.ssl.allowUnsafeRenegotiation=false"
JAVA_OPTS="${JAVA_OPTS} -Djdk.tls.rejectClientInitiatedRenegotiation=true"
JAVA_OPTS="${JAVA_OPTS} -Djdk.tls.ephemeralDHKeySize=2048"
Windows:
Navigate to C:\Program Files (x86)\Novell\Tomcat\bin and then double-click tomcat7w.
-Dsun.security.ssl.allowUnsafeRenegotiation=false" -Djdk.tls.rejectClientInitiatedRenegotiation=true" -Djdk.tls.ephemeralDHKeySize=2048"