diff --git a/tasks/rosetta/configure_tomcat.yml b/tasks/rosetta/configure_tomcat.yml
index 247b1e38f6deac034ecfe88364f5c0800d894178..701c1a32b4ada143fe3f72a21e67f6d6861a60e8 100644
--- a/tasks/rosetta/configure_tomcat.yml
+++ b/tasks/rosetta/configure_tomcat.yml
@@ -19,6 +19,8 @@
 value: "{{ item.value }}"
 loop:
 # configure Tomcat crypto to mitigate against Greenbone OID: 1.3.6.1.4.1.25623.1.0.106223
+ # details at https://greenbone-server.fqdn.de/nvt/1.3.6.1.4.1.25623.1.0.106223
+ # mitigation config documented at https://weakdh.org/sysadmin.html
 - xpath: "/Server/Service/Connector[@port='8443']"
 attribute: "ciphers"
 value: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_SHA,TLS_ECDHE_RSA_WITH_AES_256_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_SHA384,TLS_ECDHE_RSA_WITH_AES_256_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_128_SHA,TLS_DHE_DSS_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_256_SHA256,TLS_DHE_DSS_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_256_SHA"
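Review bot: The two added comment lines give only URLs and never say in words what the scanner finding is or which part of it the `ciphers` attribute addresses; the first link points at a scanner host that may not be reachable for every reader, so the finding's title belongs in the comment itself. The weakdh.org reference suggests the finding concerns weak Diffie-Hellman key exchange, yet the list on the `value:` line still enables `TLS_DHE_*` suites, whose strength depends on the DH group size the JVM uses rather than on cipher selection. I would add a line such as `# DHE suites stay enabled: DH group size must be >= 2048 bit, set at JVM level (e.g. -Djdk.tls.ephemeralDHKeySize=2048)`, or state where that is configured. The enclosing task begins above the hunk, so the connector's protocol settings and any JVM options are not visible here.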