Chris, I tried curl with the -tls1 switch and received the same error.

[ec2-user@ip-172-31-52-159 bin]$ curl -vk https://bageoconsultants.com:8443 -tls1
* Rebuilt URL to: https://bageoconsultants.com:8443/
* Trying 52.54.85.95...
* Connected to bageoconsultants.com (52.54.85.95) port 8443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* NSS error -12286 (SSL_ERROR_NO_CYPHER_OVERLAP)
* Cannot communicate securely with peer: no common encryption algorithm(s).
* Closing connection 0
curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).

I also tried with openssl s_client, which was the last few lines of my original attachment. Also a no go,

[ec2-user@ip-172-31-34-217 conf]$ openssl s_client -connect bageoconsultants.com:8443
CONNECTED(00000003)
140427891013472:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:770:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 249 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

Thanks
--George

-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Thursday, November 17, 2016 9:58 AM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: SSL on Tomcat7 on AWS not connecting

George,

On 11/16/16 12:38 PM, George Chanady wrote:
> I hope someone can help. I have exhausted all my troubleshooting skills
> and all of my newbie Linux knowledge and I am at the end of my rope.
>
> All documentation from around the web always seems to tell me to try
> everything I have already tried. I am sure that there must be a caveat
> that I am missing.
>
> I have an AWS Linux instance with Tomcat 7.0.73 and cannot for the
> life of me get the SSL working.
>
> I set up the AWS instance with nothing else on the server and using a
> fresh installation of Tomcat with basic config settings. I am able to
> connect http://mysite.com:8080 but cannot connect with
> https://mysite.com:8443. I am able to SSH as that is the only way I
> communicate with the server.
>
> I only have forwarders for port 80 and 443 in the iptables and nothing
> else and have security groups in AWS setup to allow all traffic from
> everywhere for ports 80, 8080, 443, and 8443.
>
> I have ensured the ports needed are open and listening using netstat
> I have checked to ensure connectivity to the ports from other machines
> using netcat
> I checked that the certs were installed properly and that the tomcat
> connectors were pointed to the proper location
>
> I am attaching my configuration from start to where I hit the wall.

What if you give curl the --tls1 switch?

Can you try with openssl s_client? I find that tends to give more information about the conversation.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org