Rajendra,

On 1/6/19 11:57, Rajendra wrote:
> Yes, TLS 1.2 protocol is not enabled by default prior to jdk1.7.0_131
> version. It has to be enabled explicitly in order to support TLS1.2 if
> you are using earlier versions of jdk1.7.

This is a Tomcat option and not a JDK option. If the JVM supports
TLSv1.2 and you have a reasonably recent version of Tomcat, the
default is to enable TLSv1, TLSv1.1, and TLSv1.2.

If you have specifically DISABLED those protocols (by specifying a
list of protocols that does NOT include them), then they will in fact
be disabled.

-chris

> From: John Larsen
> Sent: 06 January 2019 11:17
> To: Tomcat Users List
> Subject: Re: Tomcat SSL - unsupported protocol or cipher suit error
> 
> I have run into this and solved it.
> 
> Basically it's due to JDK versions 7 and older. Two options to fix:
> 1. Upgrade to jdk8
> 2. Add the following to your JAVA_OPTS or CATALINA_OPTS:
>    -Dhttps.protocols=TLSv1.2
>    -Dhttps.cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
> 
> John
> 
> On Sun, Jan 6, 2019 at 6:39 AM Rajendra
> <rajendrapopur...@gmail.com> wrote:
> 
>> Sameer, can you please share the Connector element for the SSL port
>> in the server.xml file?
>> 
>> Also, what is the JDK version you are using?
>> 
>> Thanks !
>> 
>> Rajendra
>> 
>> From: Sameer Umbrajkar
>> Sent: 06 January 2019 08:13
>> To: users@tomcat.apache.org
>> Subject: Tomcat SSL - unsupported protocol or cipher suit error
>> 
>> Dear All,
>> 
>> I am trying to configure SSL (HTTPS) for Apache Tomcat 8.5.13. I
>> am facing the below error after importing the certificates.
>> 
>> ==================================================================
>> 
>> This page can’t be displayed
>> 
>> Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and
>> try connecting to https://localhost:8443 again. If this error
>> persists, it is possible that this site uses an unsupported
>> protocol or cipher suite such as RC4 (link for the details)
>> <http://go.microsoft.com/fwlink/?LinkId=735074>, which is not
>> considered secure. Please contact your site administrator
>> 
>> ===================================================================
>> 
>> To generate Key store
>> keytool.exe -genkey -alias tomcat -keysize 2048 -keyalg RSA
>> 
>> To generate Certificate request i.e. CSR
>> keytool -certreq -keyalg RSA -alias tomcat -file boqa.csr -keystore E:\SSL\.keystore
>> 
>> To import chain (intermediate CA)
>> keytool -import -trustcacerts -alias intermediate -keystore E:\SSL\.keystore -file E:\SSL\MOFChain.cer
>> 
>> To import the signed server certificate
>> keytool -import -alias tomcat -keystore E:\SSL\.keystore -file E:\SSL\mbq.cer
>> 
>> We did not face an error while importing the signed certificates;
>> however, we are facing a TLS protocol/cipher suite related issue
>> now. Please help with your insights to resolve the issue.
>> 
>> Regards,
>> 
>> Sameer
>> 
>> 
> 
> 
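
An added example, not part of the thread and not Tomcat's own code: a Python check for the point made in the reply above, reporting for each TLS connector in a server.xml whether the protocol list is the default or an explicit one that leaves TLSv1.2 out. The sample server.xml and the function names are constructed for illustration; the check assumes a comma-separated list read from Tomcat's `protocols` or `sslEnabledProtocols` attribute and does not expand the `all` token.

```python
import xml.etree.ElementTree as ET

# Default described in the reply above (recent Tomcat, JVM with TLSv1.2).
DEFAULT_PROTOCOLS = ["TLSv1", "TLSv1.1", "TLSv1.2"]

# Constructed sample server.xml, not taken from the thread.
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true" />
    <Connector port="9443" SSLEnabled="true" sslEnabledProtocols="TLSv1" />
    <Connector port="10443" SSLEnabled="true">
      <SSLHostConfig protocols="TLSv1,TLSv1.1,+TLSv1.2,-TLSv1" />
    </Connector>
  </Service>
</Server>
"""

def effective_protocols(value):
    """Return (protocols, explicit) for one protocol-list attribute value."""
    if value is None or not value.strip():
        return list(DEFAULT_PROTOCOLS), False
    names = []
    for token in (t.strip() for t in value.split(",")):
        if token.startswith("-"):          # "-X" removes X from the list
            names = [n for n in names if n != token[1:]]
        elif token:                        # "X" or "+X" adds X
            names.append(token.lstrip("+"))
    return names, True

def audit_server_xml(xml_text, required="TLSv1.2"):
    """Report every TLS connector and whether `required` is still enabled."""
    findings = []
    for conn in ET.fromstring(xml_text.strip()).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        # The list is set on <SSLHostConfig protocols="..."> or, in the older
        # style, on <Connector sslEnabledProtocols="...">.
        hosts = conn.findall("SSLHostConfig")
        values = [h.get("protocols") for h in hosts] if hosts else [conn.get("sslEnabledProtocols")]
        for value in values:
            protocols, explicit = effective_protocols(value)
            findings.append({"port": conn.get("port"), "protocols": protocols,
                             "explicit": explicit, "enabled": required in protocols})
    return findings

if __name__ == "__main__":
    for finding in audit_server_xml(SAMPLE_SERVER_XML):
        print(finding)
```

A connector reported with `explicit` true and `enabled` false is the case the reply describes: a configured list that does not include the protocol disables it.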