subject:"Tomcat SSL \- unsupported protocol or cipher suit error"

Re: Tomcat SSL - unsupported protocol or cipher suit error

2019-01-07 Thread Christopher Schultz

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Sameer,

On 1/7/19 14:27, Sameer Umbrajkar wrote:
> Dear Chris,
> 
> Could you help me out with the connector sample with sslhostconfig.
> I have mentioned the connector details in my previous email.

Try looking at the documentation reference I put into my last post and
trying to build your own. If it does not work or causes an error, post
back here for help.

- -chris

> On Mon 7 Jan, 2019, 12:22 AM Christopher Schultz < 
> ch...@christopherschultz.net wrote:
> 
> Sameer,
> 
> On 1/6/19 13:40, Sameer Umbrajkar wrote:
 Dear John & Raj,
 
 *My JVM version is 8.1.015 and Tomcat version is 8.5.13*
 Please see the version details below - 
 ===
===
>
 

 
 
> E:\BOE\tomcat\bin>version
 Using CATALINA_BASE:   "E:\BOE\tomcat" Using CATALINA_HOME: 
 "E:\BOE\tomcat" Using CATALINA_TMPDIR: "E:\BOE\tomcat\temp"
 Using JRE_HOME:"E:\BOE\SAP BusinessObjects Enterprise
 XI 4.0\win64_x64\sapjvm\" Using CLASSPATH: 
 "E:\BOE\tomcat\bin\bootstrap.jar;E:\BOE\tomcat\bin\tomcat-juli.jar"


>
 
Server version: Apache Tomcat/8.5.13
 Server built:   Mar 27 2017 14:25:04 UTC Server number:
 8.5.13.0 OS Name:Windows NT (unknown) OS Version:
 10.0 Architecture:   amd64 JVM Version:8.1.015 JVM
 Vendor: SAP AG E:\BOE\tomcat\bin> 
 ===
===
>
 
=
 
 As suggested I added below parameters in Java Option of
 Tomcat configuration still facing the same error related to
 TLS protocol and ciphers 
 ===
===
>
 
=
 
 
> -Dhttps.protocols=TLSv1.2
 -Dhttps.cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 
 ===
===
>
 
=
 
 
> As requested, please find the HTTPS connector details below from
> server. xml
 ===
===
>
 
=
 
 
> >>> port="8443" maxThreads="200" scheme="https" secure="true" 
 SSLEnabled="true" keystoreFile="E:\SSL\.keystore" 
 keystorePass="Am1@k123" clientAuth="false"
 sslProtocol="TLS"/>
> 
> It would be better to use the more modern configuration which
> includes  elements within your 
> elements.
> 
> http://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support
>
>  -chris
>> 
>> -
>>
>> 
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>> 
>> 
> 
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlwzzJQACgkQHPApP6U8
pFjmTQ/8DpcJ4/a+MIWCn4g13ynXk/jyA9Y25fwUOOLNSppH2bzJtu2fQSQ7CTdf
y79AqpGxSMayDKoASHX3+lafKC2bcsQhD+nm55UmJGfe+OmlCoNUGkseDcars6SW
iZuUdDqnuOUFqO9LagNxP7bfzThx+LwuwNo3EsNZ7tsV5SuKzRHxJPo1nPUJZXTX
4akzIemc+KyPASF5FJrbVyvajczy2sQjRll6Mts3N5pxpMY7zSihxxYN8zb8m2pT
iUKisipS3vfJaZI6cndCirXhHak8J+oGFdYeL8eNLWf04GhRfnc3pqay8uIjQ20z
a0H29WNxyx9qXEvxOk5lI2mjEMHMzdSZd1DBYPj7/4SA74jAr4+4RBEmm4rt4xQA
fPBcpTO2/K9juSPAXYfFG72YvAyYQMb8K8GB+MNZ/uWZidIB+T27tRf/d46IOvdK
LKMtGs4wJ2/RQmxkOcIjwPUry4N/gv9osRmWtXRvSozQrq6xNSGByzGeAKtRX9Sd
3s6h5abBwtxb+X5DGGss28F/dugQTVoFJxgUUzVak2P3kzlbE/zT9fq4C6slGTbZ
lCg4uqdrEQetlpd7hIa4dKetjhvIfbGdykfzWZkYD0KjKqwH6bEidMrO5dvrYxdj
WrAdz4vSmwMCHq9/SfNlWGTHDutmClnCcxlqZN18epZMfkGrrbg=
=rY0N
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat SSL - unsupported protocol or cipher suit error

2019-01-07 Thread Sameer Umbrajkar

Dear Chris,

Could you help me out with the connector sample with sslhostconfig. I have
mentioned the connector details in my previous email.

On Mon 7 Jan, 2019, 12:22 AM Christopher Schultz <
ch...@christopherschultz.net wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Sameer,
>
> On 1/6/19 13:40, Sameer Umbrajkar wrote:
> > Dear John & Raj,
> >
> > *My JVM version is 8.1.015 and Tomcat version is 8.5.13* Please see
> > the version details below -
> > ==
> 
> >
> >
> E:\BOE\tomcat\bin>version
> > Using CATALINA_BASE:   "E:\BOE\tomcat" Using CATALINA_HOME:
> > "E:\BOE\tomcat" Using CATALINA_TMPDIR: "E:\BOE\tomcat\temp" Using
> > JRE_HOME:"E:\BOE\SAP BusinessObjects Enterprise XI
> > 4.0\win64_x64\sapjvm\" Using CLASSPATH:
> > "E:\BOE\tomcat\bin\bootstrap.jar;E:\BOE\tomcat\bin\tomcat-juli.jar"
> >
> >
> Server version: Apache Tomcat/8.5.13
> > Server built:   Mar 27 2017 14:25:04 UTC Server number:  8.5.13.0
> > OS Name:Windows NT (unknown) OS Version: 10.0
> > Architecture:   amd64 JVM Version:8.1.015 JVM Vendor: SAP
> > AG E:\BOE\tomcat\bin>
> > ==
> =
> >
> >  As suggested I added below parameters in Java Option of Tomcat
> > configuration still facing the same error related to TLS protocol
> > and ciphers
> > ==
> =
> >
> >
> - -Dhttps.protocols=TLSv1.2
> > -Dhttps.cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
> > ==
> =
> >
> >
> As requested, please find the HTTPS connector details below from server.
> xml
> > ==
> =
> >
> >
>  > port="8443" maxThreads="200" scheme="https" secure="true"
> > SSLEnabled="true" keystoreFile="E:\SSL\.keystore"
> > keystorePass="Am1@k123" clientAuth="false" sslProtocol="TLS"/>
>
> It would be better to use the more modern configuration which includes
>  elements within your  elements.
>
> http://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlwycYkACgkQHPApP6U8
> pFi+tw//ajl4qF4/leS0vP7GTZmxom3WtVbbxYQHRIL1+GDD922etcS60kgsD4cE
> dcQlmzPuChA0HOOn7MXgL8NH2edxRc6rssoQx2TuQcNotD2QfAQhRaLuV5usKG6h
> 1sv4tz2BuBVbAtEWSjwI3qtqv6feaJCtR1AU2kIlQilnbcKS2yEy/7jtW58UcmvZ
> SxjQ6Bxedm0LGcu7rwRVVKkYzKkJhhz+W1Bv8fFEp5KeY+sLPupsntlsVrC2cXL5
> c44XMBKHnRudiIk0p+d2gQPwYGTH4UtRMIX8W74Vfen60YweI9TpfuNSf9wC5TEP
> kLUk2+++hPTMxDW8BliZIMxJW7V+m9BpaGffGygGPbmMaVAWFg0v7yefmPVaiGz0
> QLLRstMpySoHDg51mptQpj49YHTZtuYtKlwQbSVIBxy+BAGUzAFnGRIAG9MYRyLG
> 4HpwDzYplyCRev/C+btjogMUWv+czxbqig5tcNtmMtX/Ycsiu24rq5EQbgqxzFTC
> IiSXqEz8zguJJZfgv676CJzzuWskSFZHLWeShiDN5H1EMj/NOzkwGESvFkuwrhVd
> RRQNNpS9+Z9754dd9iy8QwCR0avtE3Gxcfa6ID2JeuRpLSKpOg9JMcp/WkSjNMyc
> futM588UHDPm8Mv2+9pPirPSc9EOFeAXJ3cb7oxc/ef65SGnFxE=
> =Y8ni
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat SSL - unsupported protocol or cipher suit error

2019-01-06 Thread Christopher Schultz

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Sameer,

On 1/6/19 13:40, Sameer Umbrajkar wrote:
> Dear John & Raj,
> 
> *My JVM version is 8.1.015 and Tomcat version is 8.5.13* Please see
> the version details below - 
> ==

>
> 
E:\BOE\tomcat\bin>version
> Using CATALINA_BASE:   "E:\BOE\tomcat" Using CATALINA_HOME:
> "E:\BOE\tomcat" Using CATALINA_TMPDIR: "E:\BOE\tomcat\temp" Using
> JRE_HOME:"E:\BOE\SAP BusinessObjects Enterprise XI 
> 4.0\win64_x64\sapjvm\" Using CLASSPATH: 
> "E:\BOE\tomcat\bin\bootstrap.jar;E:\BOE\tomcat\bin\tomcat-juli.jar"
>
> 
Server version: Apache Tomcat/8.5.13
> Server built:   Mar 27 2017 14:25:04 UTC Server number:  8.5.13.0 
> OS Name:Windows NT (unknown) OS Version: 10.0 
> Architecture:   amd64 JVM Version:8.1.015 JVM Vendor: SAP
> AG E:\BOE\tomcat\bin> 
> ==
=
>
>  As suggested I added below parameters in Java Option of Tomcat 
> configuration still facing the same error related to TLS protocol
> and ciphers 
> ==
=
>
> 
- -Dhttps.protocols=TLSv1.2
> -Dhttps.cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 
> ==
=
>
> 
As requested, please find the HTTPS connector details below from server.
xml
> ==
=
>
> 
 port="8443" maxThreads="200" scheme="https" secure="true"
> SSLEnabled="true" keystoreFile="E:\SSL\.keystore"
> keystorePass="Am1@k123" clientAuth="false" sslProtocol="TLS"/>

It would be better to use the more modern configuration which includes
 elements within your  elements.

http://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlwycYkACgkQHPApP6U8
pFi+tw//ajl4qF4/leS0vP7GTZmxom3WtVbbxYQHRIL1+GDD922etcS60kgsD4cE
dcQlmzPuChA0HOOn7MXgL8NH2edxRc6rssoQx2TuQcNotD2QfAQhRaLuV5usKG6h
1sv4tz2BuBVbAtEWSjwI3qtqv6feaJCtR1AU2kIlQilnbcKS2yEy/7jtW58UcmvZ
SxjQ6Bxedm0LGcu7rwRVVKkYzKkJhhz+W1Bv8fFEp5KeY+sLPupsntlsVrC2cXL5
c44XMBKHnRudiIk0p+d2gQPwYGTH4UtRMIX8W74Vfen60YweI9TpfuNSf9wC5TEP
kLUk2+++hPTMxDW8BliZIMxJW7V+m9BpaGffGygGPbmMaVAWFg0v7yefmPVaiGz0
QLLRstMpySoHDg51mptQpj49YHTZtuYtKlwQbSVIBxy+BAGUzAFnGRIAG9MYRyLG
4HpwDzYplyCRev/C+btjogMUWv+czxbqig5tcNtmMtX/Ycsiu24rq5EQbgqxzFTC
IiSXqEz8zguJJZfgv676CJzzuWskSFZHLWeShiDN5H1EMj/NOzkwGESvFkuwrhVd
RRQNNpS9+Z9754dd9iy8QwCR0avtE3Gxcfa6ID2JeuRpLSKpOg9JMcp/WkSjNMyc
futM588UHDPm8Mv2+9pPirPSc9EOFeAXJ3cb7oxc/ef65SGnFxE=
=Y8ni
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat SSL - unsupported protocol or cipher suit error

2019-01-06 Thread Christopher Schultz

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Rajendra,

On 1/6/19 11:57, Rajendra wrote:
> Yes, TLS 1.2 protocol not enabled by default prior to jdk1.7.0_131
> version. It has to enabled explicitly in order to support TLS1.2 if
> you are using earlier versions of jdk1.7.

This is a Tomcat option and not a JDK option. If the JVM supports
TLSv1.2 and you have a reasonably recent version of Tomcat, the
default is to enable TLSv1, TLSv1.1, and TLSv1.2.

If you have specifically DISABLED those protocols (by specifying a
list of protocols that does NOT include them), then they will in fact
be disabled.

- -chris

> From: John Larsen Sent: 06 January 2019 11:17 To: Tomcat Users
> List Subject: Re: Tomcat SSL - unsupported protocol or cipher suit
> error
> 
> I have run into this and solved it.
> 
> Basically its due to JDK versions 7 and older. Two options to fix. 
> 1. upgrade to jdk8 2. Add the following to your JAVA_OPTS or
> CATALINA_OPTS: -Dhttps.protocols=TLSv1.2 
> -Dhttps.cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
> 
> John
> 
> On Sun, Jan 6, 2019 at 6:39 AM Rajendra
>  wrote:
> 
>> Sameer, can you please share Connector element for ssl port in
>> server.xml file?
>> 
>> Also, what is Jdk version you are using?
>> 
>> Thanks !
>> 
>> Rajendra
>> 
>> From: Sameer Umbrajkar Sent: 06 January 2019 08:13 To:
>> users@tomcat.apache.org Subject: Tomcat SSL - unsupported
>> protocol or cipher suit error
>> 
>> Dear All,
>> 
>> I am trying to  configure SSL (HTTPS) for Apache Tomcat 8.5.13. I
>> am facing below error after importing the certificates.
>> 
>> ==
>>
>>
>> 
This page can’t be displayed
>> 
>> Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and
>> try connecting to *https://localhost:8443
>> <https://localhost:8443/> *again. If this error persists, it is
>> possible that this site uses an unsupported protocol or cipher
>> suite such as RC4 (link for the details) 
>> <http://go.microsoft.com/fwlink/?LinkId=735074>, which is not
>> considered secure. Please contact your site administrator
>> 
>> ===
>>
>>
>>
>> 
To generate Key store
>> keytool.exe -genkey -alias tomcat -keysize 2048 -keyalg RSA
>> 
>> To generate Certificate request i.e. CSR keytool -certreq -keyalg
>> RSA -alias tomcat -file boqa.csr -keystore E:\SSL\.keystore
>> 
>> To import chain (intermediate CA) keytool -import -trustcacerts
>> -alias intermediate -keystore E:\SSL\.keystore -file
>> E:\SSL\MOFChain.cer
>> 
>> To import the signed server certificate keytool -import -alias
>> tomcat -keystore E:\SSL\.keystore -file E:\SSL\mbq.cer
>> 
>> We did not face error while importing the signed certificates
>> however facing TLS protocol/cipher suit related issue now. Please
>> help with your insights to resolve the issue
>> 
>> Regards,
>> 
>> Sameer
>> 
>> 
> 
> 
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlwycPYACgkQHPApP6U8
pFhUDg//ZR4at+75QeqWgEFkBZrBozzKtEAwd4OdrVwWxDDOFcRYZrH59x7sdQNu
YmLdEi0yb6acumtG80CLlIq8scAjbv3HxY3d+yK0WPISUB0SJo9yxwaBtm13JmPj
7mr0y35sotSP7sCi9sH2Yj5pVJCWXY4GqO/7OJKl/j2P1MI53Uk8i95HtHcsMphc
FBCfdtlg4YYE41gTTPLctfDTqQ4wCs1nhOJpfojGZ1bFVs7Yl7QT3fjOOAWroqe5
A8XBx1DK+Lk/KMGbHlbrUTaWplQZI4693oVDDKCPc1Ftq8zYi4x1sad7NGIocEqr
dRPQ6RxAZ9CcbPDJaOIIUqvg2JVyOkNga9macxSnf42MAEcV11lQDWiDn+emYciO
EEATJHp0AsJYYy4FCrVEbsou5/kfMG3Fo13tvg9BmWphDofCAem8yfGwcdwwsUuu
0Ard7qdhsqr+FmnWS17e41FDsOJQNtZ7ZoV2j3trhYIyHWj6sO0Nzot21mBTowlR
UpPb4Z7cBLu/Me5CPbslc1v1v1ky4X8lw+XS2vloRa2mmhmAq14p21kmssx8f/+3
74R2cA+L++VL9ZZyQ2Xe/ytKAdoyxnA6XgH7UAlTVKFKJnzKdbxxcUX8tpifEh8j
45Z9Jo4cJtGQA0LMSOuTIVzYsh5OSmBqGu3n8befmRaWmHFew7I=
=rXtx
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat SSL - unsupported protocol or cipher suit error

2019-01-06 Thread Sameer Umbrajkar

Dear John & Raj,

*My JVM version is 8.1.015 and Tomcat version is 8.5.13*
Please see the version details below -
==
E:\BOE\tomcat\bin>version
Using CATALINA_BASE:   "E:\BOE\tomcat"
Using CATALINA_HOME:   "E:\BOE\tomcat"
Using CATALINA_TMPDIR: "E:\BOE\tomcat\temp"
Using JRE_HOME:"E:\BOE\SAP BusinessObjects Enterprise XI
4.0\win64_x64\sapjvm\"
Using CLASSPATH:
 "E:\BOE\tomcat\bin\bootstrap.jar;E:\BOE\tomcat\bin\tomcat-juli.jar"
Server version: Apache Tomcat/8.5.13
Server built:   Mar 27 2017 14:25:04 UTC
Server number:  8.5.13.0
OS Name:Windows NT (unknown)
OS Version: 10.0
Architecture:   amd64
JVM Version:8.1.015
JVM Vendor: SAP AG
E:\BOE\tomcat\bin>
===

As suggested I added below parameters in Java Option of Tomcat
configuration still facing the same error related to TLS protocol and
ciphers
===
-Dhttps.protocols=TLSv1.2
-Dhttps.cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
===
As requested, please find the HTTPS connector details below from server.xml
===



Regards,

Sameer


On Sun, Jan 6, 2019 at 7:57 PM Rajendra  wrote:

> Yes, TLS 1.2 protocol not enabled by default prior to jdk1.7.0_131
> version. It has to enabled explicitly in order to support TLS1.2 if you are
> using earlier versions of jdk1.7.
>
> Thanks !
>
> Rajendra
>
> From: John Larsen
> Sent: 06 January 2019 11:17
> To: Tomcat Users List
> Subject: Re: Tomcat SSL - unsupported protocol or cipher suit error
>
> I have run into this and solved it.
>
> Basically its due to JDK versions 7 and older.
> Two options to fix.
> 1. upgrade to jdk8
> 2. Add the following to your JAVA_OPTS or CATALINA_OPTS:
> -Dhttps.protocols=TLSv1.2
> -Dhttps.cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
>
> John
>
> On Sun, Jan 6, 2019 at 6:39 AM Rajendra 
> wrote:
>
> > Sameer, can you please share Connector element for ssl port in server.xml
> > file?
> >
> > Also, what is Jdk version you are using?
> >
> > Thanks !
> >
> > Rajendra
> >
> > From: Sameer Umbrajkar
> > Sent: 06 January 2019 08:13
> > To: users@tomcat.apache.org
> > Subject: Tomcat SSL - unsupported protocol or cipher suit error
> >
> > Dear All,
> >
> > I am trying to  configure SSL (HTTPS) for Apache Tomcat 8.5.13. I am
> facing
> > below error after importing the certificates.
> >
> > ==
> >
> > This page can’t be displayed
> >
> > Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try
> > connecting to *https://localhost:8443 <https://localhost:8443/> *again.
> If
> > this error persists, it is possible that this site uses an unsupported
> > protocol or cipher suite such as RC4 (link for the details)
> > <http://go.microsoft.com/fwlink/?LinkId=735074>, which is not considered
> > secure. Please contact your site administrator
> >
> > ===
> >
> >
> > To generate Key store
> > keytool.exe -genkey -alias tomcat -keysize 2048 -keyalg RSA
> >
> > To generate Certificate request i.e. CSR
> > keytool -certreq -keyalg RSA -alias tomcat -file boqa.csr -keystore
> > E:\SSL\.keystore
> >
> > To import chain (intermediate CA)
> > keytool -import -trustcacerts -alias intermediate -keystore
> > E:\SSL\.keystore -file E:\SSL\MOFChain.cer
> >
> > To import the signed server certificate
> > keytool -import -alias tomcat -keystore E:\SSL\.keystore -file
> > E:\SSL\mbq.cer
> >
> > We did not face error while importing the signed certificates however
> > facing TLS protocol/cipher suit related issue now.
> > Please help with your insights to resolve the issue
> >
> > Regards,
> >
> > Sameer
> >
> >
>
>

-- 
sameer007

RE: Tomcat SSL - unsupported protocol or cipher suit error

2019-01-06 Thread Rajendra

Yes, TLS 1.2 protocol not enabled by default prior to jdk1.7.0_131 version. It 
has to enabled explicitly in order to support TLS1.2 if you are using earlier 
versions of jdk1.7.

Thanks !

Rajendra

From: John Larsen
Sent: 06 January 2019 11:17
To: Tomcat Users List
Subject: Re: Tomcat SSL - unsupported protocol or cipher suit error

I have run into this and solved it.

Basically its due to JDK versions 7 and older.
Two options to fix.
1. upgrade to jdk8
2. Add the following to your JAVA_OPTS or CATALINA_OPTS:
-Dhttps.protocols=TLSv1.2
-Dhttps.cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

John

On Sun, Jan 6, 2019 at 6:39 AM Rajendra  wrote:

> Sameer, can you please share Connector element for ssl port in server.xml
> file?
>
> Also, what is Jdk version you are using?
>
> Thanks !
>
> Rajendra
>
> From: Sameer Umbrajkar
> Sent: 06 January 2019 08:13
> To: users@tomcat.apache.org
> Subject: Tomcat SSL - unsupported protocol or cipher suit error
>
> Dear All,
>
> I am trying to  configure SSL (HTTPS) for Apache Tomcat 8.5.13. I am facing
> below error after importing the certificates.
>
> ==
>
> This page can’t be displayed
>
> Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try
> connecting to *https://localhost:8443 <https://localhost:8443/> *again. If
> this error persists, it is possible that this site uses an unsupported
> protocol or cipher suite such as RC4 (link for the details)
> <http://go.microsoft.com/fwlink/?LinkId=735074>, which is not considered
> secure. Please contact your site administrator
>
> ===
>
>
> To generate Key store
> keytool.exe -genkey -alias tomcat -keysize 2048 -keyalg RSA
>
> To generate Certificate request i.e. CSR
> keytool -certreq -keyalg RSA -alias tomcat -file boqa.csr -keystore
> E:\SSL\.keystore
>
> To import chain (intermediate CA)
> keytool -import -trustcacerts -alias intermediate -keystore
> E:\SSL\.keystore -file E:\SSL\MOFChain.cer
>
> To import the signed server certificate
> keytool -import -alias tomcat -keystore E:\SSL\.keystore -file
> E:\SSL\mbq.cer
>
> We did not face error while importing the signed certificates however
> facing TLS protocol/cipher suit related issue now.
> Please help with your insights to resolve the issue
>
> Regards,
>
> Sameer
>
>

Re: Tomcat SSL - unsupported protocol or cipher suit error

2019-01-06 Thread John Larsen

I have run into this and solved it.

Basically its due to JDK versions 7 and older.
Two options to fix.
1. upgrade to jdk8
2. Add the following to your JAVA_OPTS or CATALINA_OPTS:
-Dhttps.protocols=TLSv1.2
-Dhttps.cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

John

On Sun, Jan 6, 2019 at 6:39 AM Rajendra  wrote:

> Sameer, can you please share Connector element for ssl port in server.xml
> file?
>
> Also, what is Jdk version you are using?
>
> Thanks !
>
> Rajendra
>
> From: Sameer Umbrajkar
> Sent: 06 January 2019 08:13
> To: users@tomcat.apache.org
> Subject: Tomcat SSL - unsupported protocol or cipher suit error
>
> Dear All,
>
> I am trying to  configure SSL (HTTPS) for Apache Tomcat 8.5.13. I am facing
> below error after importing the certificates.
>
> ==
>
> This page can’t be displayed
>
> Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try
> connecting to *https://localhost:8443 <https://localhost:8443/> *again. If
> this error persists, it is possible that this site uses an unsupported
> protocol or cipher suite such as RC4 (link for the details)
> <http://go.microsoft.com/fwlink/?LinkId=735074>, which is not considered
> secure. Please contact your site administrator
>
> ===
>
>
> To generate Key store
> keytool.exe -genkey -alias tomcat -keysize 2048 -keyalg RSA
>
> To generate Certificate request i.e. CSR
> keytool -certreq -keyalg RSA -alias tomcat -file boqa.csr -keystore
> E:\SSL\.keystore
>
> To import chain (intermediate CA)
> keytool -import -trustcacerts -alias intermediate -keystore
> E:\SSL\.keystore -file E:\SSL\MOFChain.cer
>
> To import the signed server certificate
> keytool -import -alias tomcat -keystore E:\SSL\.keystore -file
> E:\SSL\mbq.cer
>
> We did not face error while importing the signed certificates however
> facing TLS protocol/cipher suit related issue now.
> Please help with your insights to resolve the issue
>
> Regards,
>
> Sameer
>
>

RE: Tomcat SSL - unsupported protocol or cipher suit error

2019-01-06 Thread Rajendra

Sameer, can you please share Connector element for ssl port in server.xml file? 

Also, what is Jdk version you are using?

Thanks !

Rajendra

From: Sameer Umbrajkar
Sent: 06 January 2019 08:13
To: users@tomcat.apache.org
Subject: Tomcat SSL - unsupported protocol or cipher suit error

Dear All,

I am trying to  configure SSL (HTTPS) for Apache Tomcat 8.5.13. I am facing
below error after importing the certificates.

==

This page can’t be displayed

Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try
connecting to *https://localhost:8443 <https://localhost:8443/> *again. If
this error persists, it is possible that this site uses an unsupported
protocol or cipher suite such as RC4 (link for the details)
<http://go.microsoft.com/fwlink/?LinkId=735074>, which is not considered
secure. Please contact your site administrator

===


To generate Key store
keytool.exe -genkey -alias tomcat -keysize 2048 -keyalg RSA

To generate Certificate request i.e. CSR
keytool -certreq -keyalg RSA -alias tomcat -file boqa.csr -keystore
E:\SSL\.keystore

To import chain (intermediate CA)
keytool -import -trustcacerts -alias intermediate -keystore
E:\SSL\.keystore -file E:\SSL\MOFChain.cer

To import the signed server certificate
keytool -import -alias tomcat -keystore E:\SSL\.keystore -file
E:\SSL\mbq.cer

We did not face error while importing the signed certificates however
facing TLS protocol/cipher suit related issue now.
Please help with your insights to resolve the issue

Regards,

Sameer

Tomcat SSL - unsupported protocol or cipher suit error

2019-01-06 Thread Sameer Umbrajkar

Dear All,

I am trying to  configure SSL (HTTPS) for Apache Tomcat 8.5.13. I am facing
below error after importing the certificates.

==

This page can’t be displayed

Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try
connecting to *https://localhost:8443  *again. If
this error persists, it is possible that this site uses an unsupported
protocol or cipher suite such as RC4 (link for the details)
, which is not considered
secure. Please contact your site administrator

===


To generate Key store
keytool.exe -genkey -alias tomcat -keysize 2048 -keyalg RSA

To generate Certificate request i.e. CSR
keytool -certreq -keyalg RSA -alias tomcat -file boqa.csr -keystore
E:\SSL\.keystore

To import chain (intermediate CA)
keytool -import -trustcacerts -alias intermediate -keystore
E:\SSL\.keystore -file E:\SSL\MOFChain.cer

To import the signed server certificate
keytool -import -alias tomcat -keystore E:\SSL\.keystore -file
E:\SSL\mbq.cer

We did not face error while importing the signed certificates however
facing TLS protocol/cipher suit related issue now.
Please help with your insights to resolve the issue

Regards,

Sameer

Re: Tomcat SSL - unsupported protocol or cipher suit error

Re: Tomcat SSL - unsupported protocol or cipher suit error

Re: Tomcat SSL - unsupported protocol or cipher suit error

Re: Tomcat SSL - unsupported protocol or cipher suit error

Re: Tomcat SSL - unsupported protocol or cipher suit error

RE: Tomcat SSL - unsupported protocol or cipher suit error

Re: Tomcat SSL - unsupported protocol or cipher suit error

RE: Tomcat SSL - unsupported protocol or cipher suit error

Tomcat SSL - unsupported protocol or cipher suit error

9 matches

Site Navigation

Mail list logo

Footer information