Re: BREAKTHROUGH (but not solved) Re: Problem: (GSKit) No compatible cipher suite available between SSL end points.

2017-10-11 Thread Terence M. Bandoian
On 10/10/2017 1:20 AM, Peter Kreuser wrote: Christopher, A good read on the appropriate (openssl) cipher string that I use can be found here: https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ Hynek explains the whys and don'ts and updates the string on a regular basis! HTH

Re: BREAKTHROUGH (but not solved) Re: Problem: (GSKit) No compatible cipher suite available between SSL end points.

2017-10-10 Thread James H. H. Lampert
On 10/9/17, 2:19 PM, Christopher Schultz (Tomcat List guru) wrote (with regard to a "ciphers" clause in a connector tag): . . . You need to list everything. . . . Ok. I really didn't need a command-line tool (thanks, though, on behalf of whoever actually does end up needing one); just an

Re: BREAKTHROUGH (but not solved) Re: Problem: (GSKit) No compatible cipher suite available between SSL end points.

2017-10-10 Thread Peter Kreuser
Christopher, Peter Kreuser > On 10.10.2017 at 00:14, Christopher Schultz wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > James, > >> On 10/9/17 5:19 PM, Christopher Schultz wrote: >>> On 10/6/17 6:34 PM, James H. H. Lampert wrote: >>>

Re: BREAKTHROUGH (but not solved) Re: Problem: (GSKit) No compatible cipher suite available between SSL end points.

2017-10-09 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 James, On 10/9/17 5:19 PM, Christopher Schultz wrote: > On 10/6/17 6:34 PM, James H. H. Lampert wrote: >> Noting that my connector tag is written using Tomcat 7 connector >> syntax, is there a good example of how to code a ciphers clause >> for

Re: BREAKTHROUGH (but not solved) Re: Problem: (GSKit) No compatible cipher suite available between SSL end points.

2017-10-09 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 James, On 10/6/17 6:34 PM, James H. H. Lampert wrote: > On 10/6/17, 6:58 AM, Mark Thomas (Tomcat List) wrote: > >> It might help to think of it like this: >> >> There are the ciphers that a JVM supports. The JVM only enables a >> sub-set of the

Re: BREAKTHROUGH (but not solved) Re: Problem: (GSKit) No compatible cipher suite available between SSL end points.

2017-10-06 Thread logo
James, > On 10/6/17, 6:58 AM, Mark Thomas (Tomcat List) wrote: > >> It might help to think of it like this: >> >> There are the ciphers that a JVM supports. >> The JVM only enables a sub-set of the supported ciphers by >> default. >> Tomcat with a default configuration only uses a

BREAKTHROUGH (but not solved) Re: Problem: (GSKit) No compatible cipher suite available between SSL end points.

2017-10-06 Thread James H. H. Lampert
On 10/6/17, 6:58 AM, Mark Thomas (Tomcat List) wrote: It might help to think of it like this: There are the ciphers that a JVM supports. The JVM only enables a sub-set of the supported ciphers by default. Tomcat with a default configuration only uses a sub-set of the ciphers that the

Re: Problem: (GSKit) No compatible cipher suite available between SSL end points.

2017-10-06 Thread Mark Thomas
On 05/10/17 18:52, James H. H. Lampert wrote: > This just keeps getting weirder. > > Late yesterday afternoon, I did a lengthy "stare-and-compare" between > what SSLInfo returned for the two different Tomcat servers, and I > couldn't find any differences. But then, I got called away from this on

Re: Problem: (GSKit) No compatible cipher suite available between SSL end points.

2017-10-05 Thread James H. H. Lampert
This just keeps getting weirder. Late yesterday afternoon, I did a lengthy "stare-and-compare" between what SSLInfo returned for the two different Tomcat servers, and I couldn't find any differences. But then, I got called away from this on something that kept me in the office until after 7

Re: Problem: (GSKit) No compatible cipher suite available between SSL end points.

2017-10-04 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 James, On 10/4/17 3:44 PM, James H. H. Lampert wrote: > On 10/4/17, 12:26 PM, Christopher Schultz wrote: >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 >> >> James, > . . . >> Okay so you are in no way interfering with the defaults. That >>

Re: [OT] Problem: (GSKit) No compatible cipher suite available between SSL end points.

2017-10-04 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 James, On 10/4/17 12:54 PM, James H. H. Lampert wrote: > On the HTTPAPI/FTPAPI list, I was told that HTTPAPI uses the > operating system's SSL support (which was how I thought it worked), > and directed to look through the system values to see what

Re: Problem: (GSKit) No compatible cipher suite available between SSL end points.

2017-10-04 Thread James H. H. Lampert
On 10/4/17, 12:26 PM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 James, . . . Okay so you are in no way interfering with the defaults. That means you'll get (depending upon your exact versions of various things) a Tomcat which supports TLSv1 or later, and most

Re: Problem: (GSKit) No compatible cipher suite available between SSL end points.

2017-10-04 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 James, On 10/4/17 3:15 PM, James H. H. Lampert wrote: > Christopher Schultz (Tomcat list guru) wrote: /me bows >> Looks like your server only has ECDHE-based suites available, and >> the client supports none of those. Can you post your >>

Re: Problem: (GSKit) No compatible cipher suite available between SSL end points.

2017-10-04 Thread James H. H. Lampert
Christopher Schultz (Tomcat list guru) wrote: Looks like your server only has ECDHE-based suites available, and the client supports none of those. Can you post your configuration from conf/server.xml? Yes, and I can also post something else. I found the Java source for your own "SSLInfo"

Re: Problem: (GSKit) No compatible cipher suite available between SSL end points.

2017-10-04 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 James, On 10/4/17 12:54 PM, James H. H. Lampert wrote: > I wrote: >>> I mean, I know that I need to get HTTPAPI and Tomcat speaking >>> the same language, but where do I begin? > Here's what I got back when I ran the SSLLabs server test on the >

Re: Problem: (GSKit) No compatible cipher suite available between SSL end points.

2017-10-04 Thread James H. H. Lampert
I wrote: I mean, I know that I need to get HTTPAPI and Tomcat speaking the same language, but where do I begin? Here's what I got back when I ran the SSLLabs server test on the cloud server: Protocols TLS 1.3 No TLS 1.2 Yes TLS 1.1 Yes TLS 1.0 Yes SSL 3 No

Re: Problem: (GSKit) No compatible cipher suite available between SSL end points.

2017-10-03 Thread James H. H. Lampert
I wrote: I mean, I know that I need to get HTTPAPI and Tomcat speaking the same language, but where do I begin? Christopher Schultz (Tomcat List) wrote: First, I would check to see what Tomcat is actually advertising. There are several ways to do that. One of them is to use Qualys's SSLLabs

Re: Problem: (GSKit) No compatible cipher suite available between SSL end points.

2017-10-03 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 James, On 10/3/17 5:52 PM, James H. H. Lampert wrote: > Dear Mr. Klement, and members of the Tomcat List: > > I have a series of AS/400 programs using HTTPAPI to access > services hosted by a webapp running under Tomcat. > > Up until now, I've

Problem: (GSKit) No compatible cipher suite available between SSL end points.

2017-10-03 Thread James H. H. Lampert
Dear Mr. Klement, and members of the Tomcat List: I have a series of AS/400 programs using HTTPAPI to access services hosted by a webapp running under Tomcat. Up until now, I've only tested this configuration with Tomcat 7, running on a local Linux (CentOS) box, and the last time I tested