AW: AW: SSL issue with Tomcat 6.0.45 and JRE 1.8.0

2022-06-17 Thread Thomas Hoffmann (Speed4Trade GmbH)


> -----Original Message-----
> From: Peter Chamberlain
> Sent: Friday, 17 June 2022 15:36
> To: Tomcat Users List
> Subject: Re: AW: SSL issue with Tomcat 6.0.45 and JRE 1.8.0
> 
> On Thu, 16 Jun 2022 at 04:42, Christopher Schultz <
> ch...@christopherschultz.net> wrote:
> 
> > Thomas,
> >
> > On 6/15/22 03:08, Thomas Hoffmann (Speed4Trade GmbH) wrote:
> > > Hello,
> > >
> > >> -----Original Message-----
> > >> From: Pavan Kumar Tiruvaipati
> > >> Sent: Wednesday, 15 June 2022 08:59
> > >> To: Christopher Schultz
> > >> Cc: Tomcat Users List
> > >> Subject: Re: SSL issue with Tomcat 6.0.45 and JRE 1.8.0
> > >>
> > >> Hi,
> > >>
> > >> Tomcat server started successfully.
> > >>
> > >> I'm seeing the following error in the tomcat logs when SSL is
> > >> enabled in server.xml
> > >>
> > >> Application is not able to run on https://localhost:8080.
> > >>
> > >> 2022-06-15 12:02:43,923 [http-3003-1] DEBUG org.apache.tomcat.util.net.JIoEndpoint - Handshake failed
> > >> javax.net.ssl.SSLHandshakeException: no cipher suites in common
> > >>     at sun.security.ssl.Alert.createSSLException(Unknown Source)
> > >>     at sun.security.ssl.Alert.createSSLException(Unknown Source)
> > >>     at sun.security.ssl.TransportContext.fatal(Unknown Source)
> > >>     at sun.security.ssl.TransportContext.fatal(Unknown Source)
> > >>     at sun.security.ssl.TransportContext.fatal(Unknown Source)
> > >>     at sun.security.ssl.ServerHello$T12ServerHelloProducer.chooseCipherSuite(Unknown Source)
> > >>     at sun.security.ssl.ServerHello$T12ServerHelloProducer.produce(Unknown Source)
> > >>     at sun.security.ssl.SSLHandshake.produce(Unknown Source)
> > >>     at sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(Unknown Source)
> > >>     at sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(Unknown Source)
> > >>     at sun.security.ssl.ClientHello$ClientHelloConsumer.consume(Unknown Source)
> > >>     at sun.security.ssl.SSLHandshake.consume(Unknown Source)
> > >>     at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
> > >>     at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
> > >>     at sun.security.ssl.TransportContext.dispatch(Unknown Source)
> > >>     at sun.security.ssl.SSLTransport.decode(Unknown Source)
> > >>     at sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
> > >>     at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
> > >>     at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> > >>     at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> > >>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:233)
> > >>     at org.apache.tomcat.util.net.JIoEndpoint.setSocketOptions(JIoEndpoint.java:701)
> > >>     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:503)
> > >>     at java.lang.Thread.run(Unknown Source)
> > >>
> > >> If I disable SSL in tomcat server.xml, It's working with Non-SSL (
> > >> http://localhost:8080).
> > >>
> > >> Does Tomcat SSL configuration work with JRE 1.8.0 ? Are there any
> > changes
> > >> required to establish a handshake ?
> > >>
> > >> Please let me know if you need more details.
> > >>
> > >>
> > >> Regards,
> > >> Pavan
> > >>
> > >> On Tue, Jun 14, 2022 at 10:44 PM Christopher Schultz <
> > >> ch...@christopherschultz.net> wrote:
> > >>
> > >>> Pavan,
> > >>>
> > >>> Please reply to the list and not me personally.
> > >>>
> > >>> On 6/14/22 11:21, Pavan Kumar Tiruvaipati wrote:
> > >>>>  > >>>>  maxThreads="150" minSpareThreads="25"
> > >>> maxSpareThreads="75"
> > >>>>  enableLookups="false" disableUploadTimeout="true"
> > >>>>  acceptCount="10

Re: AW: SSL issue with Tomcat 6.0.45 and JRE 1.8.0

2022-06-17 Thread Peter Chamberlain
On Thu, 16 Jun 2022 at 04:42, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Thomas,
>
> On 6/15/22 03:08, Thomas Hoffmann (Speed4Trade GmbH) wrote:
> > Hello,
> >
> >> -----Original Message-----
> >> From: Pavan Kumar Tiruvaipati
> >> Sent: Wednesday, 15 June 2022 08:59
> >> To: Christopher Schultz
> >> Cc: Tomcat Users List
> >> Subject: Re: SSL issue with Tomcat 6.0.45 and JRE 1.8.0
> >>
> >> Hi,
> >>
> >> Tomcat server started successfully.
> >>
> >> I'm seeing the following error in the tomcat logs when SSL is enabled in
> >> server.xml
> >>
> >> Application is not able to run on https://localhost:8080.
> >>
> >> 2022-06-15 12:02:43,923 [http-3003-1] DEBUG org.apache.tomcat.util.net.JIoEndpoint - Handshake failed
> >> javax.net.ssl.SSLHandshakeException: no cipher suites in common
> >>     at sun.security.ssl.Alert.createSSLException(Unknown Source)
> >>     at sun.security.ssl.Alert.createSSLException(Unknown Source)
> >>     at sun.security.ssl.TransportContext.fatal(Unknown Source)
> >>     at sun.security.ssl.TransportContext.fatal(Unknown Source)
> >>     at sun.security.ssl.TransportContext.fatal(Unknown Source)
> >>     at sun.security.ssl.ServerHello$T12ServerHelloProducer.chooseCipherSuite(Unknown Source)
> >>     at sun.security.ssl.ServerHello$T12ServerHelloProducer.produce(Unknown Source)
> >>     at sun.security.ssl.SSLHandshake.produce(Unknown Source)
> >>     at sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(Unknown Source)
> >>     at sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(Unknown Source)
> >>     at sun.security.ssl.ClientHello$ClientHelloConsumer.consume(Unknown Source)
> >>     at sun.security.ssl.SSLHandshake.consume(Unknown Source)
> >>     at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
> >>     at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
> >>     at sun.security.ssl.TransportContext.dispatch(Unknown Source)
> >>     at sun.security.ssl.SSLTransport.decode(Unknown Source)
> >>     at sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
> >>     at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
> >>     at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> >>     at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> >>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:233)
> >>     at org.apache.tomcat.util.net.JIoEndpoint.setSocketOptions(JIoEndpoint.java:701)
> >>     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:503)
> >>     at java.lang.Thread.run(Unknown Source)
> >>
> >> If I disable SSL in tomcat server.xml, It's working with Non-SSL (
> >> http://localhost:8080).
> >>
> >> Does Tomcat SSL configuration work with JRE 1.8.0 ? Are there any
> changes
> >> required to establish a handshake ?
> >>
> >> Please let me know if you need more details.
> >>
> >>
> >> Regards,
> >> Pavan
> >>
> >> On Tue, Jun 14, 2022 at 10:44 PM Christopher Schultz <
> >> ch...@christopherschultz.net> wrote:
> >>
> >>> Pavan,
> >>>
> >>> Please reply to the list and not me personally.
> >>>
> >>> On 6/14/22 11:21, Pavan Kumar Tiruvaipati wrote:
>     maxThreads="150" minSpareThreads="25"
> >>> maxSpareThreads="75"
>   enableLookups="false" disableUploadTimeout="true"
>   acceptCount="100"  scheme="https" secure="true"
>  connectionTimeout="2"
>   clientAuth="false" algorithm="SunX509"
> sslProtocol="TLS"
>  keystoreFile="conf/certificate" keystorePass="x"
>  useBodyEncodingForURI="true"
>  SSLEnabled="true"/>
> >>>
> >>> That all looks pretty straightforward.
> >>>
> >>> When you say it's "not working", can you be more specific? Does the
> >>> Tomcat server start? Are there any errors or warnings in the logs?
> >>>
> >>> -chris
> >>>
>  On Tue, Jun 14, 2022 at 7:30 PM Christopher Schultz
>  mailto:ch...@christopherschultz.net>>
> >>> wrote:
> 
>   Pavan,
> 
>   On 6/14/22 08:32, Pavan Kumar Tiruvaipati wrote:
>    > We have replaced JDK 1.8 with JRE 1.8.0_333.
>    >
>    > SSL configuration was working fine with Tomcat 6.0.45 before
>   replacing JDK
>    > with JRE.
>    >
>    > Now it's not working.
>    >
>    > In server.xml, SSL Protocol is set to "TLS".
>    >
>    > Does Tomcat 6.0.45 support SSL with JRE 1.8.0_333 ?
>    >
>    > Are there any specific protocols / versions to be used to
> enable
>   SSL ?
> 
>   Please post your  configuration. Remove any secrets
>  that
> >>> may
>   be in there (e.g. passwords).
> 
>   -chris
> 
> >>>
> >
> > The error says that the client and the server couldn’t find a common
> cipher suite.
> > They couldn’t agree on any cipher.
> > Does your keystore contain 

Re: AW: SSL issue with Tomcat 6.0.45 and JRE 1.8.0

2022-06-15 Thread Christopher Schultz

Thomas,

On 6/15/22 03:08, Thomas Hoffmann (Speed4Trade GmbH) wrote:

Hello,


-----Original Message-----
From: Pavan Kumar Tiruvaipati
Sent: Wednesday, 15 June 2022 08:59
To: Christopher Schultz
Cc: Tomcat Users List
Subject: Re: SSL issue with Tomcat 6.0.45 and JRE 1.8.0

Hi,

Tomcat server started successfully.

I'm seeing the following error in the tomcat logs when SSL is enabled in
server.xml

Application is not able to run on https://localhost:8080.

2022-06-15 12:02:43,923 [http-3003-1] DEBUG org.apache.tomcat.util.net.JIoEndpoint - Handshake failed
javax.net.ssl.SSLHandshakeException: no cipher suites in common
    at sun.security.ssl.Alert.createSSLException(Unknown Source)
    at sun.security.ssl.Alert.createSSLException(Unknown Source)
    at sun.security.ssl.TransportContext.fatal(Unknown Source)
    at sun.security.ssl.TransportContext.fatal(Unknown Source)
    at sun.security.ssl.TransportContext.fatal(Unknown Source)
    at sun.security.ssl.ServerHello$T12ServerHelloProducer.chooseCipherSuite(Unknown Source)
    at sun.security.ssl.ServerHello$T12ServerHelloProducer.produce(Unknown Source)
    at sun.security.ssl.SSLHandshake.produce(Unknown Source)
    at sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(Unknown Source)
    at sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(Unknown Source)
    at sun.security.ssl.ClientHello$ClientHelloConsumer.consume(Unknown Source)
    at sun.security.ssl.SSLHandshake.consume(Unknown Source)
    at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
    at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
    at sun.security.ssl.TransportContext.dispatch(Unknown Source)
    at sun.security.ssl.SSLTransport.decode(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:233)
    at org.apache.tomcat.util.net.JIoEndpoint.setSocketOptions(JIoEndpoint.java:701)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:503)
    at java.lang.Thread.run(Unknown Source)

If I disable SSL in tomcat server.xml, It's working with Non-SSL (
http://localhost:8080).

Does Tomcat SSL configuration work with JRE 1.8.0 ? Are there any changes
required to establish a handshake ?

Please let me know if you need more details.


Regards,
Pavan

On Tue, Jun 14, 2022 at 10:44 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:


Pavan,

Please reply to the list and not me personally.

On 6/14/22 11:21, Pavan Kumar Tiruvaipati wrote:


maxSpareThreads="75"

 enableLookups="false" disableUploadTimeout="true"
 acceptCount="100"  scheme="https" secure="true"
connectionTimeout="2"
 clientAuth="false" algorithm="SunX509" sslProtocol="TLS"
keystoreFile="conf/certificate" keystorePass="x"
useBodyEncodingForURI="true"
SSLEnabled="true"/>


That all looks pretty straightforward.

When you say it's "not working", can you be more specific? Does the
Tomcat server start? Are there any errors or warnings in the logs?

-chris


On Tue, Jun 14, 2022 at 7:30 PM Christopher Schultz
mailto:ch...@christopherschultz.net>>

wrote:


 Pavan,

 On 6/14/22 08:32, Pavan Kumar Tiruvaipati wrote:
  > We have replaced JDK 1.8 with JRE 1.8.0_333.
  >
  > SSL configuration was working fine with Tomcat 6.0.45 before
 replacing JDK
  > with JRE.
  >
  > Now it's not working.
  >
  > In server.xml, SSL Protocol is set to "TLS".
  >
  > Does Tomcat 6.0.45 support SSL with JRE 1.8.0_333 ?
  >
  > Are there any specific protocols / versions to be used to enable
 SSL ?

 Please post your  configuration. Remove any secrets
that

may

 be in there (e.g. passwords).

 -chris





> The error says that the client and the server couldn’t find a common cipher
> suite.
> They couldn’t agree on any cipher.
> Does your keystore contain a valid private key?


The problem is likely that Tomcat 6 (which is ancient) defaults to TLSv1 
and no higher (this is a guess; I'm not bothering to look at a 
14-year-old version of Tomcat to figure out what the problem really is). 
The client isn't willing to connect to such an ancient version of any 
protocol, so it fails with the handshake failure.



> Maybe you can try to print out all available cipher suites on your environment:
> https://stackoverflow.com/questions/9333504/how-can-i-list-the-available-cipher-algorithms
> You can add the code to a jsp-page and print out the available algorithms.


Try explicitly setting the "enabled protocols" to "TLSv1, TLSv1.1, 
TLSv1.2, TLSv1.3" -- however that's done in that dinosaur of a Tomcat 
version. It might be enabledProtocols="...", it might be 
SSLProtocols="..." and it might have a lot to 

AW: SSL issue with Tomcat 6.0.45 and JRE 1.8.0

2022-06-15 Thread Thomas Hoffmann (Speed4Trade GmbH)
Hello Pavan,

Which client are you using to access Tomcat?
Which TLS versions are activated on that client?

Java 8 ships with SSL ciphers suitable for common browsers (in default 
configuration).

If the server is public, use https://www.ssllabs.com/ssltest/ to check the 
server ciphers.
If the server is not public, you can use e.g. https://github.com/rbsec/sslscan 
You need to check the ciphers of the server and which ciphers are enabled on 
the client side.

I would also recommend upgrading Tomcat because it is an ancient version and 
reached EOL many years ago.

Greetings, Thomas

> -----Original Message-----
> From: Pavan Kumar Tiruvaipati
> Sent: Wednesday, 15 June 2022 11:14
> To: Tomcat Users List
> Subject: Re: SSL issue with Tomcat 6.0.45 and JRE 1.8.0
> 
> Hi,
> 
> Java ships cipher suites. We have printed all available cipher suites in our
> environment.
> 
> Tomcat is not able to enable SSL with JRE 1.8.0_333.
> 
> The error says that the client and the server couldn’t find a common cipher
> suite.
> 
> 1. Which cipher suite to be updated in tomcat to enable SSL ?
> 2. Where do we need to update the cipher suite in tomcat ? server.xml ?
> 
> Please advise me if there is any other way to fix the SSL issue. Thank you in
> advance.
> 
> Regards,
> Pavan
> 
> On Wed, Jun 15, 2022 at 1:34 PM Thomas Hoffmann (Speed4Trade GmbH)
>  wrote:
> 
> > Hello,
> > Java already ships with a broad variety of cipher suites.
> > The crypto providers are listed in the file java.security.
> > As long as you don’t modify this file, SSL should work just fine in
> > the default java-configuration.
> >
> > Greetings, Thomas
> >
> >
> > > -----Original Message-----
> > > From: Pavan Kumar Tiruvaipati
> > > Sent: Wednesday, 15 June 2022 09:56
> > > To: thomas.hoffm...@speed4trade.com.invalid
> > > Cc: Tomcat Users List
> > > Subject: Re: SSL issue with Tomcat 6.0.45 and JRE 1.8.0
> > >
> > > Hi,
> > >
> > > Thanks for the quick response. I will print all the available cipher
> > suites.
> > >
> > > Where do I need to update the cipher to support SSL ?
> > >
> > >
> > > Regards,
> > > Pavan
> > >
> > > On Wed, Jun 15, 2022 at 12:39 PM Thomas Hoffmann (Speed4Trade
> GmbH)
> > >  wrote:
> > >
> > > > Hello,
> > > >
> > > > > -----Original Message-----
> > > > > From: Pavan Kumar Tiruvaipati
> > > > > Sent: Wednesday, 15 June 2022 08:59
> > > > > To: Christopher Schultz
> > > > > Cc: Tomcat Users List
> > > > > Subject: Re: SSL issue with Tomcat 6.0.45 and JRE 1.8.0
> > > > >
> > > > > Hi,
> > > > >
> > > > > Tomcat server started successfully.
> > > > >
> > > > > I'm seeing the following error in the tomcat logs when SSL is
> > > > > enabled in server.xml
> > > > >
> > > > > Application is not able to run on https://localhost:8080.
> > > > >
> > > > > 2022-06-15 12:02:43,923 [http-3003-1] DEBUG org.apache.tomcat.util.net.JIoEndpoint - Handshake failed
> > > > > javax.net.ssl.SSLHandshakeException: no cipher suites in common
> > > > >     at sun.security.ssl.Alert.createSSLException(Unknown Source)
> > > > >     at sun.security.ssl.Alert.createSSLException(Unknown Source)
> > > > >     at sun.security.ssl.TransportContext.fatal(Unknown Source)
> > > > >     at sun.security.ssl.TransportContext.fatal(Unknown Source)
> > > > >     at sun.security.ssl.TransportContext.fatal(Unknown Source)
> > > > >     at sun.security.ssl.ServerHello$T12ServerHelloProducer.chooseCipherSuite(Unknown Source)
> > > > >     at sun.security.ssl.ServerHello$T12ServerHelloProducer.produce(Unknown Source)
> > > > >     at sun.security.ssl.SSLHandshake.produce(Unknown Source)
> > > > >     at sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(Unknown Source)
> > > > >     at sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(Unknown Source)
> > > > >     at sun.security.ssl.ClientHello$ClientHelloConsumer.consume(Unknown Source)
> > > > >     at sun.security.ssl.SSLHandshake.consume(Unknown Source)
> > > > >     at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
> > > > >     at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
> > > > >     at sun.security.ssl.TransportContext.dispatch(Unknown Source)
> > > > >     at sun.security.ssl.SSLTransport.decode(Unknown Source)
> > > > >     at sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
> > > > >     at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
> > > > >     at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> > > > >     at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> > > > >     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:233)
> > > > >     at org.apache.tomcat.util.net.JIoEndpoint.setSocketOptions(JIoEndpoint.java:701)
> > > > > at org.apache.tomcat.util.net
> > > > 

AW: SSL issue with Tomcat 6.0.45 and JRE 1.8.0

2022-06-15 Thread Thomas Hoffmann (Speed4Trade GmbH)
Hello,
Java already ships with a broad variety of cipher suites.
The crypto providers are listed in the file java.security.
As long as you don’t modify this file, SSL should work just fine in the default 
java-configuration.

Greetings, Thomas


> -----Original Message-----
> From: Pavan Kumar Tiruvaipati
> Sent: Wednesday, 15 June 2022 09:56
> To: thomas.hoffm...@speed4trade.com.invalid
> Cc: Tomcat Users List
> Subject: Re: SSL issue with Tomcat 6.0.45 and JRE 1.8.0
> 
> Hi,
> 
> Thanks for the quick response. I will print all the available cipher suites.
> 
> Where do I need to update the cipher to support SSL ?
> 
> 
> Regards,
> Pavan
> 
> On Wed, Jun 15, 2022 at 12:39 PM Thomas Hoffmann (Speed4Trade GmbH)
>  wrote:
> 
> > Hello,
> >
> > > -----Original Message-----
> > > From: Pavan Kumar Tiruvaipati
> > > Sent: Wednesday, 15 June 2022 08:59
> > > To: Christopher Schultz
> > > Cc: Tomcat Users List
> > > Subject: Re: SSL issue with Tomcat 6.0.45 and JRE 1.8.0
> > >
> > > Hi,
> > >
> > > Tomcat server started successfully.
> > >
> > > I'm seeing the following error in the tomcat logs when SSL is
> > > enabled in server.xml
> > >
> > > Application is not able to run on https://localhost:8080.
> > >
> > > 2022-06-15 12:02:43,923 [http-3003-1] DEBUG org.apache.tomcat.util.net.JIoEndpoint - Handshake failed
> > > javax.net.ssl.SSLHandshakeException: no cipher suites in common
> > >     at sun.security.ssl.Alert.createSSLException(Unknown Source)
> > >     at sun.security.ssl.Alert.createSSLException(Unknown Source)
> > >     at sun.security.ssl.TransportContext.fatal(Unknown Source)
> > >     at sun.security.ssl.TransportContext.fatal(Unknown Source)
> > >     at sun.security.ssl.TransportContext.fatal(Unknown Source)
> > >     at sun.security.ssl.ServerHello$T12ServerHelloProducer.chooseCipherSuite(Unknown Source)
> > >     at sun.security.ssl.ServerHello$T12ServerHelloProducer.produce(Unknown Source)
> > >     at sun.security.ssl.SSLHandshake.produce(Unknown Source)
> > >     at sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(Unknown Source)
> > >     at sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(Unknown Source)
> > >     at sun.security.ssl.ClientHello$ClientHelloConsumer.consume(Unknown Source)
> > >     at sun.security.ssl.SSLHandshake.consume(Unknown Source)
> > >     at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
> > >     at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
> > >     at sun.security.ssl.TransportContext.dispatch(Unknown Source)
> > >     at sun.security.ssl.SSLTransport.decode(Unknown Source)
> > >     at sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
> > >     at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
> > >     at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> > >     at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> > >     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:233)
> > >     at org.apache.tomcat.util.net.JIoEndpoint.setSocketOptions(JIoEndpoint.java:701)
> > >     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:503)
> > >     at java.lang.Thread.run(Unknown Source)
> > >
> > > If I disable SSL in tomcat server.xml, It's working with Non-SSL (
> > > http://localhost:8080).
> > >
> > > Does Tomcat SSL configuration work with JRE 1.8.0 ? Are there any
> > > changes required to establish a handshake ?
> > >
> > > Please let me know if you need more details.
> > >
> > >
> > > Regards,
> > > Pavan
> > >
> > > On Tue, Jun 14, 2022 at 10:44 PM Christopher Schultz <
> > > ch...@christopherschultz.net> wrote:
> > >
> > > > Pavan,
> > > >
> > > > Please reply to the list and not me personally.
> > > >
> > > > On 6/14/22 11:21, Pavan Kumar Tiruvaipati wrote:
> > > > >  > > > > maxThreads="150" minSpareThreads="25"
> > > > maxSpareThreads="75"
> > > > > enableLookups="false" disableUploadTimeout="true"
> > > > > acceptCount="100"  scheme="https" secure="true"
> > > > > connectionTimeout="2"
> > > > > clientAuth="false" algorithm="SunX509"
> > sslProtocol="TLS"
> > > > >keystoreFile="conf/certificate" keystorePass="x"
> > > > > useBodyEncodingForURI="true"
> > > > >SSLEnabled="true"/>
> > > >
> > > > That all looks pretty straightforward.
> > > >
> > > > When you say it's "not working", can you be more specific? Does
> > > > the Tomcat server start? Are there any errors or warnings in the logs?
> > > >
> > > > -chris
> > > >
> > > > > On Tue, Jun 14, 2022 at 7:30 PM Christopher Schultz
> > > > >  > > > > >
> > > > wrote:
> > > > >
> > > > > Pavan,
> > > > >
> > > > > On 6/14/22 08:32, Pavan Kumar Tiruvaipati wrote:
> > > > >  > We have replaced JDK 1.8 with JRE 1.8.0_333.
> > > > >  >
> > > > >  > SSL configuration 

AW: SSL issue with Tomcat 6.0.45 and JRE 1.8.0

2022-06-15 Thread Thomas Hoffmann (Speed4Trade GmbH)
Hello,

> -----Original Message-----
> From: Pavan Kumar Tiruvaipati
> Sent: Wednesday, 15 June 2022 08:59
> To: Christopher Schultz
> Cc: Tomcat Users List
> Subject: Re: SSL issue with Tomcat 6.0.45 and JRE 1.8.0
> 
> Hi,
> 
> Tomcat server started successfully.
> 
> I'm seeing the following error in the tomcat logs when SSL is enabled in
> server.xml
> 
> Application is not able to run on https://localhost:8080.
> 
> 2022-06-15 12:02:43,923 [http-3003-1] DEBUG org.apache.tomcat.util.net.JIoEndpoint - Handshake failed
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>     at sun.security.ssl.Alert.createSSLException(Unknown Source)
>     at sun.security.ssl.Alert.createSSLException(Unknown Source)
>     at sun.security.ssl.TransportContext.fatal(Unknown Source)
>     at sun.security.ssl.TransportContext.fatal(Unknown Source)
>     at sun.security.ssl.TransportContext.fatal(Unknown Source)
>     at sun.security.ssl.ServerHello$T12ServerHelloProducer.chooseCipherSuite(Unknown Source)
>     at sun.security.ssl.ServerHello$T12ServerHelloProducer.produce(Unknown Source)
>     at sun.security.ssl.SSLHandshake.produce(Unknown Source)
>     at sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(Unknown Source)
>     at sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(Unknown Source)
>     at sun.security.ssl.ClientHello$ClientHelloConsumer.consume(Unknown Source)
>     at sun.security.ssl.SSLHandshake.consume(Unknown Source)
>     at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
>     at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
>     at sun.security.ssl.TransportContext.dispatch(Unknown Source)
>     at sun.security.ssl.SSLTransport.decode(Unknown Source)
>     at sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
>     at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
>     at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>     at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:233)
>     at org.apache.tomcat.util.net.JIoEndpoint.setSocketOptions(JIoEndpoint.java:701)
>     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:503)
>     at java.lang.Thread.run(Unknown Source)
> 
> If I disable SSL in tomcat server.xml, It's working with Non-SSL (
> http://localhost:8080).
> 
> Does Tomcat SSL configuration work with JRE 1.8.0 ? Are there any changes
> required to establish a handshake ?
> 
> Please let me know if you need more details.
> 
> 
> Regards,
> Pavan
> 
> On Tue, Jun 14, 2022 at 10:44 PM Christopher Schultz <
> ch...@christopherschultz.net> wrote:
> 
> > Pavan,
> >
> > Please reply to the list and not me personally.
> >
> > On 6/14/22 11:21, Pavan Kumar Tiruvaipati wrote:
> > >  > > maxThreads="150" minSpareThreads="25"
> > maxSpareThreads="75"
> > > enableLookups="false" disableUploadTimeout="true"
> > > acceptCount="100"  scheme="https" secure="true"
> > > connectionTimeout="2"
> > > clientAuth="false" algorithm="SunX509" sslProtocol="TLS"
> > >keystoreFile="conf/certificate" keystorePass="x"
> > > useBodyEncodingForURI="true"
> > >SSLEnabled="true"/>
> >
> > That all looks pretty straightforward.
> >
> > When you say it's "not working", can you be more specific? Does the
> > Tomcat server start? Are there any errors or warnings in the logs?
> >
> > -chris
> >
> > > On Tue, Jun 14, 2022 at 7:30 PM Christopher Schultz
> > > mailto:ch...@christopherschultz.net>>
> > wrote:
> > >
> > > Pavan,
> > >
> > > On 6/14/22 08:32, Pavan Kumar Tiruvaipati wrote:
> > >  > We have replaced JDK 1.8 with JRE 1.8.0_333.
> > >  >
> > >  > SSL configuration was working fine with Tomcat 6.0.45 before
> > > replacing JDK
> > >  > with JRE.
> > >  >
> > >  > Now it's not working.
> > >  >
> > >  > In server.xml, SSL Protocol is set to "TLS".
> > >  >
> > >  > Does Tomcat 6.0.45 support SSL with JRE 1.8.0_333 ?
> > >  >
> > >  > Are there any specific protocols / versions to be used to enable
> > > SSL ?
> > >
> > > Please post your  configuration. Remove any secrets
> > > that
> > may
> > > be in there (e.g. passwords).
> > >
> > > -chris
> > >
> >

The error says that the client and the server couldn’t find a common cipher 
suite.
They couldn’t agree on any cipher.
Does your keystore contain a valid private key?

Maybe you can try to print out all available cipher suites in your environment:
https://stackoverflow.com/questions/9333504/how-can-i-list-the-available-cipher-algorithms
You can add the code to a JSP page and print out the available algorithms.

Greetings,
Thomas
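
The two checks suggested above (does the keystore hold a private key, and which cipher suites does the JRE enable) can be combined in one diagnostic. This is an added example, not code from the thread or from Tomcat; the class name TlsDiag, its helper methods and the suite-name-to-key-type mapping are assumptions made for illustration, and the DSA demo input is constructed.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Hypothetical diagnostic class (Java 8 compatible); not part of Tomcat.
public class TlsDiag {

    // Server key type a suite needs, judged from its standard name (a simplification).
    // Returns null for pseudo-suites and suites that use no certificate key.
    static String requiredKeyType(String suite) {
        if (suite.endsWith("_SCSV") || suite.contains("_anon_") || suite.contains("_KRB5_")) return null;
        if (!suite.contains("_WITH_")) return "TLS13";   // e.g. TLS_AES_128_GCM_SHA256
        if (suite.contains("_ECDSA_") || suite.startsWith("TLS_ECDH_")) return "EC";
        if (suite.contains("_DSS_")) return "DSA";
        if (suite.contains("_RSA_")) return "RSA";
        return null;
    }

    // Keep only the suites for which the keystore holds a matching private key.
    static List<String> usableSuites(String[] suites, Set<String> keyTypes) {
        List<String> out = new ArrayList<String>();
        for (String s : suites) {
            String need = requiredKeyType(s);
            if (need == null) continue;
            boolean ok = need.equals("TLS13")
                    ? keyTypes.contains("RSA") || keyTypes.contains("EC")
                    : keyTypes.contains(need);
            if (ok) out.add(s);
        }
        return out;
    }

    // List every alias; only key entries (not trusted-certificate entries) can
    // authenticate a server, so only their algorithms are returned.
    static Set<String> keyTypesIn(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        Set<String> types = new TreeSet<String>();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            boolean keyEntry = ks.isKeyEntry(alias);
            String alg = cert == null ? "none" : cert.getPublicKey().getAlgorithm();
            System.out.printf("alias=%s keyEntry=%b publicKeyAlg=%s%n", alias, keyEntry, alg);
            if (keyEntry && cert != null) types.add(alg);
        }
        return types;
    }

    public static void main(String[] args) throws Exception {
        // JVM-wide defaults; a connector's own attributes can narrow them further.
        SSLParameters p = SSLContext.getDefault().getDefaultSSLParameters();
        System.out.println("Enabled protocols: " + Arrays.toString(p.getProtocols()));

        Set<String> keyTypes;
        if (args.length > 0) {
            if (System.console() == null) throw new IllegalStateException("run from a terminal");
            keyTypes = keyTypesIn(args[0], System.console().readPassword("Keystore password: "));
        } else {
            // Constructed demo input: a keystore whose only private key is DSA.
            keyTypes = new TreeSet<String>(Arrays.asList("DSA"));
        }
        List<String> usable = usableSuites(p.getCipherSuites(), keyTypes);
        System.out.println("Private key types: " + keyTypes);
        System.out.println("Enabled suites with a matching key: " + usable.size());
        for (String s : usable) System.out.println("  " + s);
        if (usable.isEmpty())
            System.out.println("No enabled suite matches a key; expect 'no cipher suites in common'.");
    }
}
```

Run it with the same JRE that starts Tomcat and pass the path from the connector's keystoreFile attribute; an empty or short result points at the keystore contents rather than at the JRE's cipher list.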
