-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Kevin,
On 7/7/17 12:40 PM, Kevin Mango wrote: > I was able to resolve this by using > "-Dcom.sun.net.ssl.enableECC=false" when starting tomcat to disable > the use of Elliptic Curves, the only issue now is that Google > Chrome is having issues finding a common cipher suite to use, > giving the error ERR_SSL_VERSION_OR_CIPHER_MISMATCH. Your configuration does not include any specification for cipher suites: >>> Here is the connector in our server.xml file: >>> >>> <Connector port="8443" >>> protocol="org.apache.coyote.http11.Http11NioProtocol" >>> maxThreads="200" scheme="https" secure="true" >>> SSLEnabled="true" defaultSSLHostConfigName="<hostname> " >>>> >>> <SSLHostConfig hostname="<hostname> " protocols="TLSv1.2" >>> sslProtocol="TLSv1.2"> <Certificate >>> certificateKeystoreFile="<pfx cert location and full file >>> name>" certificateKeystorePassword="<password>" >>> certificateKeystoreType="PKCS12" type="RSA"/> </SSLHostConfig> >>> >>> </Connector> So it would be unusual for a client and server not to be able to agree on a cipher suite. Are you adjusting the available cipher suites any other way (e.g. system property that affects JSSE, edits to $JAVA_HOME/jre/security/*.policy, etc.)? What kind of certificate are you using? Is it an ECC certificate (rather than the more common RSA certificates)? - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJZZRGfAAoJEBzwKT+lPKRYXw4P/Rp2LJILdM0w5xVpVoyF/yyo PCj3TWJPMS2F188gYZnpAEj69bXjfP7nIvFt0JpWN6VYhYkLaiOKot9IUp7aRUBQ jJgJqJ7LEVA2pS9fE+ioQV0APdchXKhuab3iiRs+dikulJWhvWPO+8+N7jzCrhvQ iohHdmnOK8DdoJdd9OL1j/+vWPj3Bwc9sucR4DCvEeCZ2jG+zRNDM0mFcwqSkz0T 0QdEdvbj6VeBQTJiGRFVGF+RncdTH2D266Jh/8Xc3DUut8sQEI/gUrlSSluFw33e B9Aye4V20c8KJ5gJ92pCyGHbsOkdxgQobKvfOp/2UlYJyGZxQcfabLN99wc8TPqm mHxvq9s3eEYCesvd1AiVGeguO8Pmdg62ml5/CR7/QIJFXKvXmn+IxTsqj+1VWDmK QqQmvw8vwVEDXMYppzT4UX8UX9xWWGLEGL5eOTgcsI81Qeo0sBO5r1KojhNgv1kl JB/1V0jS4RJ3E4BzOPMM+lB3DOwHpdtVFPotQq+4bVI8W87bM2nQL3mGZvBsMF6Q Zj9FWUB5d7wS0KLeOlIJANQT+1kwjbK1i08irwmLYCqQyrUq7+csR+xh1TZRKuhT paVCNRmx7Xryk/kWQf4g2d0yoSwJhTduIgMmrrLqIUY6UNfjZtNXF4fX5q93nnvP F6twQiax7locrje76JUo =0o+S -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
