The enabled / disabled security (cryptographic) algorithms used by Tornado are controlled by the Java Virtual Machine (JVM). Certain algorithms (Such as older SSL and TLS methods) can be disabled in the JVM's security settings. For example, to only allow TLS 1.2 you can do the following:
- Create a file named security.properties adjacent to your tornado.war file.
- In security.properties, add the following line:
jdk.tls.disabledAlgorithms=TLSv1, TLSv1.1, SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC
- Update your launch command of Tornado from:
java ... -jar docmosisTornado.warto
java -Djava.security.properties=security.properties ... -jar docmosisTornado.war
- Re-launch Tornado.
This setting adds additional restrictions to the active security algorithms Tornado uses.