Java – how to control the SSL ciphers available to Tomcat
I cannot disable weak SSL ciphers in Tomcat, as described in many places, such as http://www.techstacks.com/howto/secure-ssl-in-tomcat.html.
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
    port="8443" SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
    ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="C:\Programs\apache-tomcat-6.0.33\keystore" keystorePass="nn"/>
When I try to connect (using IE or ssldigger), I get the following error in Tomcat:
java.lang.IllegalArgumentException: Unsupported ciphersuite SSL_RSA_WITH_RC4_128_SHA
    at com.sun.net.ssl.internal.ssl.CipherSuite.valueOf(Unknown Source)
    at com.sun.net.ssl.internal.ssl.CipherSuiteList.<init>(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.setEnabledCipherSuites(Unknown Source)
    at org.apache.tomcat.util.net.NioEndpoint.createSSLEngine(NioEndpoint.java:1141)
    at org.apache.tomcat.util.net.NioEndpoint.setSocketOptions(NioEndpoint.java:1096)
    at org.apache.tomcat.util.net.NioEndpoint$Acceptor.run(NioEndpoint.java:1315)
    at java.lang.Thread.run(Unknown Source)
By the way, I deleted the unsupported ciphers (almost one by one), and the only cipher I am left with seems to be SSL_RSA_WITH_RC4_128_MD5.
In addition, I assume that the unsupported ciphers are independent of Tomcat's specific key pairs, but more generally independent of widely available ciphers.
What's the problem here?
Solution
I have figured out that the comma-separated cipher list is space sensitive; that is, the culprit is the space character after the comma.
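The failure described in the answer can be reproduced against JSSE directly, without Tomcat. This is an added example, not code from the original post or from Tomcat; the class and method names are hypothetical, and it uses the first two suites the local JVM reports as supported (an assumption that at least two exist) instead of the RC4 names from the question.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class CipherListCheck {

    // Naive split: every entry after the first keeps the space that followed the comma.
    static String[] splitRaw(String value) {
        return value.split(",");
    }

    // Split, trim each name, and drop empty entries before handing the list to JSSE.
    static String[] splitTrimmed(String value) {
        List<String> names = new ArrayList<>();
        for (String part : value.split(",")) {
            String name = part.trim();
            if (!name.isEmpty()) {
                names.add(name);
            }
        }
        return names.toArray(new String[0]);
    }

    // Returns null if JSSE accepted the list, otherwise the exception message.
    static String tryEnable(SSLEngine engine, String[] suites) {
        try {
            engine.setEnabledCipherSuites(suites);
            return null;
        } catch (IllegalArgumentException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        String[] supported = engine.getSupportedCipherSuites();
        // Constructed sample value: two supported suites joined with ", " (comma plus space).
        String value = supported[0] + ", " + supported[1];
        System.out.println("ciphers=\"" + value + "\"");
        // The second name is " <suite>" with a leading space, which matches no known suite.
        System.out.println("raw split     -> " + tryEnable(engine, splitRaw(value)));
        System.out.println("trimmed split -> " + tryEnable(engine, splitTrimmed(value)));
        System.out.println("enabled now   -> " + Arrays.toString(engine.getEnabledCipherSuites()));
    }
}
```

The raw split reports an unsupported-suite error naming the second entry, while the trimmed split is accepted and leaves exactly the two listed suites enabled.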