Chris,
> -----Original Message----- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Monday, January 08, 2018 8:16 PM > To: users@tomcat.apache.org > Subject: Re: Why will Tomcat not accept EC cipher suites? > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > John, > > On 1/8/18 6:28 PM, john.e.gr...@wellsfargo.com.INVALID wrote: > > Chris and Mark, > >> -----Original Message----- From: Christopher Schultz > >> [mailto:ch...@christopherschultz.net] Sent: Monday, January 08, > >> 2018 5:21 PM To: users@tomcat.apache.org Subject: Re: Why will Tomcat > >> not accept EC cipher suites? > >> > >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > >> > >> Mark, > >> > >> On 1/8/18 3:36 PM, Mark Thomas wrote: > >>> On 08/01/18 19:34, john.e.gr...@wellsfargo.com.INVALID wrote: > >>>> All, > >>>> > >>>> I'm using Tomcat 7.0.82 and java 1.8.0_152. > >>>> > >>>> I cannot get Tomcat to accept elliptic curve ciphers. I've written > >>>> a small SSL socket server that uses the same certificate as the > >>>> server and deployed it on the same machine using the same JDK. It > >>>> accepts EC ciphers just fine so I don't think there is anything in > >>>> the JDK that has disabled them, etc. With verbose SSL enabled, > >>>> Tomcat, however, complains about "http-bio-7114-exec-4, handling > >>>> exception: > >>>> javax.net.ssl.SSLHandshakeException: no cipher suites in common." > >>>> > >>>> If I omit the "ciphers" property of the connector, I get > >>>> this: > >>>> > >>>> No available cipher suite for TLSv1 No available cipher suite for > >>>> TLSv1.1 No available cipher suite for TLSv1.2 > >>>> > >>>> If I set ciphers="ALL," I'm back to "no cipher suites in common." > >>>> > >>>> If I explicitly tell Tomcat to accept > >>>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, which works with my > >> socket > >>>> server, I get "No appropriate protocol (protocol is disabled or > >>>> cipher suites are inappropriate)." > >>>> > >>>> BTW I have an RSA cert on the server with a 2048-bit key and signed > >>>> using SHA256withRSA. > >>>> > >>>> One of the connector configs I've tried. > >>>> > >>>> <Connector port="7114" protocol="HTTP/1.1" SSLEnabled="true" > >>>> maxThreads="400" maxKeepAliveRequests="100" > >>>> keepAliveTimeout="10000" scheme="https" secure="true" > >>>> clientAuth="true" sessionCacheSize="5" sslProtocol="TLS" > >>>> keystoreFile="/path/to/keystore" > >>>> keystorePass="${keystore.password}" keyAlias="test" > >>>> truststoreFile="/path/to/cacerts" > >>>> truststorePass="${truststore.password}" > >>>> allowUnsafeLegacyRenegotiation="false" /> > >>> > >>> Try getting it to work without client authentication to start with. > >> > >> +1 > >> > >>> I don't see anything that jumps out as wrong in the above. > >> > >> Also, John, what client are you using to test? > >> > >> - -chris > > > > At Mark's suggestion, I disabled client auth, but it didn't make any > > difference. The handshake fails before it even gets to that step. > > > > I'm using several different clients, including HP Performance Center, > > openssl, and a couple of java clients that I wrote myself (one uses > > SSLSocket directly and one uses HttpsUrlConnection.) > > > > Currently I'm looking at the JDK's ServerHandshaker class to make sure > > I understand the log messages. > > Are you doing something mundane such as: > > $ openssl s_client -connect example.com:8443 ? > > I would expect that to be able to negotiate a TLS connection with a pretty > standard Tomcat with TLS enabled (and nothing in particular specified for > ciphers, protocols, etc.). > > - -chris It turns out that we have elliptic curve ciphers explicitly disabled with the system property -Dcom.sun.net.ssl.enableECC=false. I know the OWASP cheat sheet says to favor DHE over ECDHE but I'll have to ask around to find out if that's the reason. Thanks
