I do not really understand it but this works:

    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"

           port="8443" maxThreads="200"

           scheme="https" secure="true" SSLEnabled="true"

           keystoreFile="/usr/tomcat/conf/.keystore" keystorePass="twadmin"

           clientAuth="false" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"

           ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"/>