Dear John & Raj,

*My JVM version is 8.1.015 and Tomcat version is 8.5.13*
Please see the version details below -
==========================================================================================
E:\BOE\tomcat\bin>version
Using CATALINA_BASE:   "E:\BOE\tomcat"
Using CATALINA_HOME:   "E:\BOE\tomcat"
Using CATALINA_TMPDIR: "E:\BOE\tomcat\temp"
Using JRE_HOME:        "E:\BOE\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\"
Using CLASSPATH:       "E:\BOE\tomcat\bin\bootstrap.jar;E:\BOE\tomcat\bin\tomcat-juli.jar"
Server version: Apache Tomcat/8.5.13
Server built:   Mar 27 2017 14:25:04 UTC
Server number:  8.5.13.0
OS Name:        Windows NT (unknown)
OS Version:     10.0
Architecture:   amd64
JVM Version:    8.1.015
JVM Vendor:     SAP AG
E:\BOE\tomcat\bin>
===========================================================================================

As suggested, I added the below parameters in the Java Options of the Tomcat
configuration, but I am still facing the same error related to TLS protocol and
ciphers.
===========================================================================================
-Dhttps.protocols=TLSv1.2
-Dhttps.cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
===========================================================================================
As requested, please find the HTTPS connector details below from server.xml
===========================================================================================
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true"
keystoreFile="E:\SSL\.keystore" keystorePass="Am1@k123" clientAuth="false"
sslProtocol="TLS"/>
============================================================================================

Regards,

Sameer


On Sun, Jan 6, 2019 at 7:57 PM Rajendra <rajendrapopur...@gmail.com> wrote:

> Yes, the TLS 1.2 protocol is not enabled by default prior to the jdk1.7.0_131
> version. It has to be enabled explicitly in order to support TLS1.2 if you are
> using earlier versions of jdk1.7.
>
> Thanks !
>
> Rajendra
>
> From: John Larsen
> Sent: 06 January 2019 11:17
> To: Tomcat Users List
> Subject: Re: Tomcat SSL - unsupported protocol or cipher suit error
>
> I have run into this and solved it.
>
> Basically it's due to JDK versions 7 and older.
> Two options to fix.
> 1. upgrade to jdk8
> 2. Add the following to your JAVA_OPTS or CATALINA_OPTS:
> -Dhttps.protocols=TLSv1.2
> -Dhttps.cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
>
> John
>
> On Sun, Jan 6, 2019 at 6:39 AM Rajendra <rajendrapopur...@gmail.com>
> wrote:
>
> > Sameer, can you please share the Connector element for the SSL port in the
> > server.xml file?
> >
> > Also, what JDK version are you using?
> >
> > Thanks !
> >
> > Rajendra
> >
> > From: Sameer Umbrajkar
> > Sent: 06 January 2019 08:13
> > To: users@tomcat.apache.org
> > Subject: Tomcat SSL - unsupported protocol or cipher suit error
> >
> > Dear All,
> >
> > I am trying to configure SSL (HTTPS) for Apache Tomcat 8.5.13. I am facing
> > the below error after importing the certificates.
> >
> > ==================================================================
> >
> > This page can’t be displayed
> >
> > Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try
> > connecting to https://localhost:8443 again. If
> > this error persists, it is possible that this site uses an unsupported
> > protocol or cipher suite such as RC4 (link for the details)
> > <http://go.microsoft.com/fwlink/?LinkId=735074>, which is not considered
> > secure. Please contact your site administrator
> >
> > ===================================================================
> >
> >
> > To generate Key store
> > keytool.exe -genkey -alias tomcat -keysize 2048 -keyalg RSA
> >
> > To generate Certificate request i.e. CSR
> > keytool -certreq -keyalg RSA -alias tomcat -file boqa.csr -keystore E:\SSL\.keystore
> >
> > To import chain (intermediate CA)
> > keytool -import -trustcacerts -alias intermediate -keystore E:\SSL\.keystore -file E:\SSL\MOFChain.cer
> >
> > To import the signed server certificate
> > keytool -import -alias tomcat -keystore E:\SSL\.keystore -file E:\SSL\mbq.cer
> >
> > We did not face any error while importing the signed certificates; however,
> > we are facing a TLS protocol/cipher suite related issue now.
> > Please help with your insights to resolve the issue.
> >
> > Regards,
> >
> > Sameer
> >
> >
>
>

-- 
sameer007
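
An added example, not part of the thread and not Tomcat's own code: it audits the three inputs this exchange turns on (the JVM options, the `<Connector>` element, and the keystore contents as listed by `keytool -list`). The `https.protocols` and `https.cipherSuites` system properties configure the JVM's outbound `HttpsURLConnection` clients, while the server side is set on the connector (`sslEnabledProtocols`, `ciphers`) and needs a `PrivateKeyEntry` in the keystore. Assumptions: the keystore listing and the placeholder password are constructed, the finding names are invented for illustration, and the listing is English short-form `keytool -list` output.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs modelled on the thread; the password is a placeholder.
JAVA_OPTS = ("-Dhttps.protocols=TLSv1.2 "
             "-Dhttps.cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256")
CONNECTOR = r'''<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
  port="8443" scheme="https" secure="true" SSLEnabled="true"
  keystoreFile="E:\SSL\.keystore" keystorePass="PLACEHOLDER" sslProtocol="TLS"/>'''
# Constructed `keytool -list` output: a keystore holding certificates but no key.
KEYTOOL_LIST = """Keystore type: JKS
Your keystore contains 2 entries

intermediate, Jan 6, 2019, trustedCertEntry,
tomcat, Jan 6, 2019, trustedCertEntry,
"""

ENTRY = re.compile(r"^([^,\n]+), .*?, (PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),", re.M)

def keystore_entries(listing):
    """Map alias -> entry type from `keytool -list` short-form output."""
    return {m.group(1).strip(): m.group(2) for m in ENTRY.finditer(listing)}

def audit(java_opts, connector_xml, listing):
    """Return finding codes for a server-side TLS setup like the one in the thread."""
    findings = []
    conn = ET.fromstring(connector_xml)
    # https.* system properties only configure outbound HttpsURLConnection clients.
    if re.search(r"-Dhttps\.(protocols|cipherSuites)=", java_opts):
        findings.append("jvm-https-props-are-client-only")
    # Server-side protocol and cipher choices live on the connector itself.
    for attr in ("sslEnabledProtocols", "ciphers"):
        if attr not in conn.attrib:
            findings.append(f"connector-{attr}-left-at-jvm-default")
    # The server needs a PrivateKeyEntry; certificates alone give it nothing to present.
    entries = keystore_entries(listing)
    alias = conn.get("keyAlias")
    if alias and entries.get(alias) != "PrivateKeyEntry":
        findings.append("keyAlias-is-not-a-private-key")
    elif "PrivateKeyEntry" not in entries.values():
        findings.append("keystore-has-no-private-key")
    return findings

if __name__ == "__main__":
    for finding in audit(JAVA_OPTS, CONNECTOR, KEYTOOL_LIST):
        print(finding)
```

To use it on a real installation, paste in the output of `keytool -list -keystore <path>` for the file named in `keystoreFile`.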
