rtrouton/cipher.sh

## cipher.sh
#!/bin/bash

# Add the user and group used by Tomcat on your Linux
# server. For Casper 9.x running on Red Hat Enterprise
# Linux, the user and group are filled in below.

linux_tomcat_user="tomcat7"
linux_tomcat_group="tomcat7"

# Add the user and group used by Tomcat on your Linux
# server. For Red Hat Enterprise Linux and CentOS, in a
# situation where JAMF's JSS Linux installer is used to
# install Casper, the paths are as filled in below.

linux_server_xml_path="/usr/local/jss/tomcat/conf/server.xml"
linux_server_xml_backup_path="/usr/local/jss/tomcat/conf/server.xml.bak"

if [ -f "$linux_server_xml_path" ]; then
  service jamf.tomcat7 stop
  cp "$linux_server_xml_path" "$linux_server_xml_backup_path"
  chown "$tomcat_user":"$tomcat_group" "$linux_server_xml_backup_path"
  sed -i 's/ciphers=".[^"]*/ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA/' "$linux_server_xml_path"
  chown "$tomcat_user":"$tomcat_group" "$linux_server_xml_path"
  service jamf.tomcat7 start
fi
	#!/bin/bash

	# Add the user and group used by Tomcat on your Linux
	# server. For Casper 9.x running on Red Hat Enterprise
	# Linux, the user and group are filled in below.

	linux_tomcat_user="tomcat7"
	linux_tomcat_group="tomcat7"

	# Add the user and group used by Tomcat on your Linux
	# server. For Red Hat Enterprise Linux and CentOS, in a
	# situation where JAMF's JSS Linux installer is used to
	# install Casper, the paths are as filled in below.

	linux_server_xml_path="/usr/local/jss/tomcat/conf/server.xml"
	linux_server_xml_backup_path="/usr/local/jss/tomcat/conf/server.xml.bak"

	if [ -f "$linux_server_xml_path" ]; then
	service jamf.tomcat7 stop
	cp "$linux_server_xml_path" "$linux_server_xml_backup_path"
	chown "$tomcat_user":"$tomcat_group" "$linux_server_xml_backup_path"
	sed -i 's/ciphers=".[^"]*/ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA/' "$linux_server_xml_path"
	chown "$tomcat_user":"$tomcat_group" "$linux_server_xml_path"
	service jamf.tomcat7 start
	fi