If you are using Tomcat directly as the web server, the attribute to add to the Tomcat connector is called "ciphers". Add the "ciphers" attribute to the Tomcat "connector" XML tag, right after the "sslProtocol" attribute. The following is a sample ciphers attribute string that should work for most Tomcat installations:
ciphers="TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA"
The above list includes some "medium" to "strong" ciphers, but by no means does it include all the available "medium" to "strong" ciphers. You could add more ciphers to this list, as long as you avoid the ones whose names contain "DHE" or "EDH". Those ciphers use the Diffie-Hellman ephemeral key-exchange algorithm, which makes the data impossible to decrypt for "non-participants" in the SSL session (such as a Pion, which is a passive observer). Usually, these letters are near the beginning of the cipher suite name. As a rule of thumb, the ones you want are "SSL_RSA_*" and "TLS_RSA_*", because the RSA key exchanges are the most common ones that can be passively decrypted.
For more information, see http://java.sun.com/javase/6/docs/technotes/guides/security/StandardNames.html#jssenames.
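A small checker for the rule of thumb above, added here as an example (it is not part of the original page, Tomcat or Pion): it reads a server.xml, finds the HTTPS connectors and flags cipher suites whose names contain "DHE" or "EDH". The sample XML, port numbers and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml (ports and suite mix are made up for the example).
SAMPLE_SERVER_XML = """
<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             sslProtocol="TLS"
             ciphers="TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
                      TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"/>
  <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
             sslProtocol="TLS"/>
</Service></Server>
"""

def classify_suite(name):
    """Apply the rule of thumb above to one cipher suite name."""
    upper = name.upper()
    if "DHE" in upper or "EDH" in upper:
        return "ephemeral"   # ephemeral Diffie-Hellman: a passive observer cannot decrypt
    if upper.startswith(("SSL_RSA_", "TLS_RSA_")):
        return "rsa"         # RSA key exchange: the kind the page recommends
    return "review"          # neither pattern matched; check by hand

def audit_connectors(server_xml):
    """Map each HTTPS connector port to {suite: class}, or None if no ciphers attribute."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true" and conn.get("scheme") != "https":
            continue         # plain HTTP connector
        raw = conn.get("ciphers")
        if raw is None:
            report[conn.get("port")] = None   # no explicit list configured
        else:
            names = [s.strip() for s in raw.split(",") if s.strip()]
            report[conn.get("port")] = {n: classify_suite(n) for n in names}
    return report

def blocking_suites(report):
    """List (port, suite) pairs that would prevent passive decryption."""
    return [(port, name) for port, suites in report.items() if suites
            for name, kind in suites.items() if kind == "ephemeral"]

if __name__ == "__main__":
    result = audit_connectors(SAMPLE_SERVER_XML)
    for port, name in blocking_suites(result):
        print(f"connector {port}: remove {name}")
    for port, suites in result.items():
        if suites is None:
            print(f"connector {port}: no ciphers attribute set")
```

A connector reported with no ciphers attribute is not restricted to the list shown earlier, so it needs the attribute added before its traffic can be relied on to be passively decryptable.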
