All, I'm using Tomcat 7.0.82 and java 1.8.0_152.
I cannot get Tomcat to accept elliptic curve ciphers. I've written a small SSL socket server that uses the same certificate as the server and deployed it on the same machine using the same JDK. It accepts EC ciphers just fine so I don't think there is anything in the JDK that has disabled them, etc. With verbose SSL enabled, Tomcat, however, complains about "http-bio-7114-exec-4, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common." If I omit the "ciphers" property of the connector, I get this: No available cipher suite for TLSv1 No available cipher suite for TLSv1.1 No available cipher suite for TLSv1.2 If I set ciphers="ALL," I'm back to "no cipher suites in common." If I explicitly tell Tomcat to accept TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, which works with my socket server, I get "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)." BTW I have an RSA cert on the server with a 2048-bit key and signed using SHA256withRSA. One of the connector configs I've tried. <Connector port="7114" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="400" maxKeepAliveRequests="100" keepAliveTimeout="10000" scheme="https" secure="true" clientAuth="true" sessionCacheSize="5" sslProtocol="TLS" keystoreFile="/path/to/keystore" keystorePass="${keystore.password}" keyAlias="test" truststoreFile="/path/to/cacerts" truststorePass="${truststore.password}" allowUnsafeLegacyRenegotiation="false" /> Thanks John