A tomcat user provided some feedback that they used this in their connector setting successfully as well (minus RC4 ciphers):
Connector port="7443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" protocols="TLSv1, TLSv1.1, TLSv1.2" keyAlias="tomcat" keystoreFile="/opt/shibboleth-idp/credentials/idp-https.tks" keystorePass="*Your Keystore Password*" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"