-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 James,
On 10/3/17 5:52 PM, James H. H. Lampert wrote: > Dear Mr. Klement, and members of the Tomcat List: > > I have a series of AS/400 programs using HTTPAPI to access > services hosted by a webapp running under Tomcat. > > Up until now, I've only tested this configuration with Tomcat 7, > running on a local Linux (CentOS) box, and the last time I tested > it, it worked fine. > > Today, for the first time, I tried changing the HTTPAPI calls to > access essentially the same webapp, only running in Tomcat 8 on a > cloud server, in order to find any places where the calls need to > be updated to keep up with changes in the services. > > And I didn't even get that far. Instead, the SSL handshake failed > with >> (GSKit) No compatible cipher suite available between SSL end >> points. > > Now what? > > I mean, I know that I need to get HTTPAPI and Tomcat speaking the > same language, but where do I begin? First, I would check to see what Tomcat is actually advertising. There are several ways to do that. One of them is to use Qualys's SSLLabs server test: https://www.ssllabs.com/ssltest/ Note that this tool only works for publicly-accessible servers. If you have a private server, you'll need to resort to something a little more complicated. I wrote a Java program to do just this. You are welcome to use it: https://wiki.apache.org/tomcat/tools/SSLTest.java and https://wiki.apache.org/tomcat/tools/SSLUtils.java Once you know what cipher suites are actually supported by the server, you can have a look at the ones supported by the HTTPAPI client to make sure you have some overlap. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlnUMAIdHGNocmlzQGNo cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFi7Rw//ZUb3T3GPjJ6yHjOs bv09fY33iei8NXJYleHbzHs1XNVDRL8MMEtzc64g2DX9K5ducUqZEOpb5tSj7XiK 2uOsp5qaMplwFAgeY6kaAptaajuiz+WFDZXDOTRvcFTgwCEN2shsQDsJUd3EaXHj NpduLueXpAY8B1V8GOAKQx2ZJxWO+puLDd8h0Ao/ojRmcxksFonBL8/Be6ZYTC4b n5swZc9Hj8gs50ZkIrCfvNhOE+t7DJ2OH8WFJFdaNfHB/bWv1A3FyZ9bI9sgG+Ym /EFH1khaWzH9AoB2Zv2dFD/D2ZDw2P30FJW1TZytcAQ6AhZo5fmMWNnKLMuu42Gw EHGssKqohCIhQ7Cy5s3knigIwHURoXPo9shlDFJB/GQcTKcX8VCtTvDw23Ka0qQB bjgmnrhb00dycBzFTiacG9RXrs7cMsYpgqzUFBTTYhDh0BhuQiwBQiTKo+dpoYab XTuEPEeuUmV9HTW5+kPL1YXw8RSNxCgUvTA6w9jK4QE4CKp4WMi2ESAW/toB0XcR yx9ZGqiDlYv732/8ID17P9/HN3GFskBGc90jjURmUtaLmPsidR9Ja7zU3zGHl2EQ MyNTKrdpaXgwQMiFSNwbKqTXqY1Q6e4PfYjzsyPidah/FlhQd+nPXgievNLYp973 ifcIoyO9cd60yYnwW7y6TL3foXA= =aRsw -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org