I have run into this and solved it.

Basically it's due to JDK versions 7 and older.
Two options to fix.
1. Upgrade to JDK 8
2. Add the following to your JAVA_OPTS or CATALINA_OPTS:
-Dhttps.protocols=TLSv1.2
-Dhttps.cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

John

On Sun, Jan 6, 2019 at 6:39 AM Rajendra <rajendrapopur...@gmail.com> wrote:

> Sameer, can you please share the Connector element for the SSL port in the
> server.xml file?
>
> Also, what is the JDK version you are using?
>
> Thanks !
>
> Rajendra
>
> From: Sameer Umbrajkar
> Sent: 06 January 2019 08:13
> To: users@tomcat.apache.org
> Subject: Tomcat SSL - unsupported protocol or cipher suit error
>
> Dear All,
>
> I am trying to configure SSL (HTTPS) for Apache Tomcat 8.5.13. I am facing
> the below error after importing the certificates.
>
> ==================================================================
>
> This page can’t be displayed
>
> Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try
> connecting to https://localhost:8443 again. If
> this error persists, it is possible that this site uses an unsupported
> protocol or cipher suite such as RC4 (link for the details)
> <http://go.microsoft.com/fwlink/?LinkId=735074>, which is not considered
> secure. Please contact your site administrator
>
> ===================================================================
>
>
> To generate Key store
> keytool.exe -genkey -alias tomcat -keysize 2048 -keyalg RSA
>
> To generate Certificate request i.e. CSR
> keytool -certreq -keyalg RSA -alias tomcat -file boqa.csr -keystore
> E:\SSL\.keystore
>
> To import chain (intermediate CA)
> keytool -import -trustcacerts -alias intermediate -keystore
> E:\SSL\.keystore -file E:\SSL\MOFChain.cer
>
> To import the signed server certificate
> keytool -import -alias tomcat -keystore E:\SSL\.keystore -file
> E:\SSL\mbq.cer
>
> We did not face any error while importing the signed certificates; however,
> we are facing a TLS protocol/cipher suite related issue now.
> Please help with your insights to resolve the issue.
>
> Regards,
>
> Sameer
>
>
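
An added diagnostic, not part of the original thread: a small Java program that reports whether the JVM supports and enables the protocol and cipher suite named in the reply above, for both client and server sockets. The class name `TlsSupportCheck` is hypothetical; compile and run it with the same `java` binary that Tomcat is started with.

```java
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;

// Hypothetical helper class (added example, not from the thread).
public class TlsSupportCheck {
    // Values taken from the reply in this thread.
    static final String PROTOCOL = "TLSv1.2";
    static final String SUITE = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));
        SSLContext ctx = SSLContext.getDefault();

        // Everything the JSSE provider can do, enabled or not.
        SSLParameters supported = ctx.getSupportedSSLParameters();
        // Defaults applied to client-side sockets.
        SSLParameters client = ctx.getDefaultSSLParameters();

        report("client", "protocol", PROTOCOL,
               supported.getProtocols(), client.getProtocols());
        report("client", "cipher suite", SUITE,
               supported.getCipherSuites(), client.getCipherSuites());

        // Server-side defaults can differ from client-side ones, so read them
        // from an unbound server socket (no port is opened).
        try (SSLServerSocket ss = (SSLServerSocket)
                 ctx.getServerSocketFactory().createServerSocket()) {
            report("server", "protocol", PROTOCOL,
                   ss.getSupportedProtocols(), ss.getEnabledProtocols());
            report("server", "cipher suite", SUITE,
                   ss.getSupportedCipherSuites(), ss.getEnabledCipherSuites());
            System.out.println("server enabled protocols: "
                   + Arrays.toString(ss.getEnabledProtocols()));
        }
    }

    // Prints whether 'name' is enabled, merely supported, or absent.
    static void report(String side, String kind, String name,
                       String[] supported, String[] enabled) {
        List<String> s = Arrays.asList(supported);
        List<String> e = Arrays.asList(enabled);
        String state = e.contains(name) ? "enabled by default"
                     : s.contains(name) ? "supported but not enabled by default"
                     : "NOT supported by this JVM";
        System.out.println(side + " " + kind + " " + name + ": " + state);
    }
}
```

A result of "NOT supported by this JVM" means no startup option can turn the protocol or suite on; only a JDK upgrade adds it.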
