Re: tomcat 7.0.54 /jdk 1.8 - only TLS_RSA_* ciphers work

2016-11-01 Thread Mark Thomas
On 01/11/2016 20:40, Christopher Schultz wrote:
> Daba,
> 
> On 11/1/16 4:33 PM, capt.spock wrote:
>> Stumped with this issue...environment tomcat 7.054 with openjdk
>> version "1.8.0_111" OpenJDK Runtime Environment (build
>> 1.8.0_111-b15)
> 
>> Couple of servers with below config in server.xml throws warning
>> in Catalina and browsers have issue connecting.
> 



>> Any pointers will help in troubleshooting this issue.
> 
> Does this discussion help at all?
> 
> http://markmail.org/thread/fefvkflhzfaqom2m

In addition to Chris's hint, this might help you confirm what is happening:

http://people.apache.org/~markt/dev/TLSInfo.java

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
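
Added example, not part of the thread and not the TLSInfo.java linked above: a small check, run with the same JVM that starts Tomcat, that reports which suites from a connector's ciphers attribute the JSSE engine does not support and whether any provider offers the ECDH key agreement that every suite in the quoted list relies on. The class name CipherCheck and the default input (the first three suites from the quoted connector) are assumptions made for illustration.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
import javax.crypto.KeyAgreement;
import javax.net.ssl.SSLContext;

public class CipherCheck {
    // Requested suites that the JSSE engine does not list as supported.
    static List<String> unsupported(String requestedCsv, Set<String> supported) {
        List<String> missing = new ArrayList<>();
        for (String name : requestedCsv.split(",")) {
            String suite = name.trim();
            if (!suite.isEmpty() && !supported.contains(suite)) {
                missing.add(suite);
            }
        }
        return missing;
    }

    // True if some installed security provider implements EC Diffie-Hellman.
    static boolean hasEcdh() {
        try {
            KeyAgreement.getInstance("ECDH");
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Default input: the first three suites of the connector quoted in the thread.
        String requested = args.length > 0 ? args[0]
                : "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,"
                + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,"
                + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null); // default key managers, trust managers, RNG
        Set<String> supported = new TreeSet<>(
                Arrays.asList(ctx.getSupportedSSLParameters().getCipherSuites()));
        List<String> missing = unsupported(requested, supported);
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("ECDH key agreement available: " + hasEcdh());
        System.out.println("Supported suites: " + supported.size());
        System.out.println("Requested but unsupported: " + missing);
    }
}
```

Pass the full ciphers value from server.xml as the first argument to check the whole list.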



Re: tomcat 7.0.54 /jdk 1.8 - only TLS_RSA_* ciphers work

2016-11-01 Thread Christopher Schultz

Daba,

On 11/1/16 4:33 PM, capt.spock wrote:
> Stumped with this issue...environment tomcat 7.054 with openjdk
> version "1.8.0_111" OpenJDK Runtime Environment (build
> 1.8.0_111-b15)
> 
> Couple of servers with below config in server.xml throws warning
> in Catalina and browsers have issue connecting.
> 
>  protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150"
> SSLEnabled="true" scheme="https" secure="true" clientAuth="false"
> sslProtocol="TLS" sslEnabledProtocols="TLSv1.2"
> 
> ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"
> />
> 
> INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
> Nov 01, 2016 1:15:39 PM org.apache.coyote.AbstractProtocol init
> INFO: Initializing ProtocolHandler ["http-bio-8080"]
> Nov 01, 2016 1:15:39 PM org.apache.coyote.AbstractProtocol init
> INFO: Initializing ProtocolHandler ["http-bio-8443"]
> Nov 01, 2016 1:15:39 PM org.apache.tomcat.util.net.jsse.JSSESocketFactory getEnableableCiphers
> WARNING: None of the ciphers specified are supported by the SSL engine : TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
> Nov 01, 2016 1:15:39 PM org.apache.coyote.AbstractProtocol init
> INFO: Initializing ProtocolHandler ["ajp-bio-8009"]
> Nov 01, 2016 1:15:39 PM org.apache.coyote.AbstractProtocol init
> INFO: Initializing ProtocolHandler ["http-bio-9443"]
> Nov 01, 2016 1:15:39 PM org.apache.coyote.AbstractProtocol init
> INFO: Initializing ProtocolHandler ["ajp-bio-9009"]
> Nov 01, 2016 1:15:39 PM org.apache.catalina.startup.Catalina load
> INFO: Initialization processed in 567 ms
> Nov 01, 2016 1:15:39 PM org.apache.catalina.core.StandardService startInternal
> INFO: Starting service Catalina
> Nov 01, 2016 1:15:39 PM org.apache.catalina.core.StandardEngine startInternal
> INFO: Starting Servlet Engine: Apache Tomcat/7.0.54
> 
> Any pointers will help in troubleshooting this issue.

Does this discussion help at all?

http://markmail.org/thread/fefvkflhzfaqom2m

Obligatory lists.a.o link:
https://lists.apache.org/thread.html/df063b1d0e86985c01dabf89a3152faf1554047f7b120b5b7ec3b0a5@%3Cusers.tomcat.apache.org%3E

(I'm not yet a fan of lists.a.o when compared to markmail... sorry, guys.)

-chris
