Interesting exception on startup when using TLS 1.3 only - configured
the connector like this:
<SSLHostConfig protocols="TLSv1.3" honorCipherOrder="true"
ciphers="TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_AES_128_CCM_SHA256">
</SSLHostConfig>
using only TLS 1.3 and the configured ciphers but now I get this on startup:
11-Mar-2022 09:43:42.753 WARNUNG [main]
org.apache.tomcat.util.net.openssl.OpenSSLContext.init Fehler beim
initialisieren des SSL Contexts
java.lang.Exception: Unable to configure permitted SSL ciphers
(error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match)
at org.apache.tomcat.jni.SSLContext.setCipherSuite(Native
Method)
at
org.apache.tomcat.util.net.openssl.OpenSSLContext.init(OpenSSLContext.java:329)
at
org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:245)
at
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
at
org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
at
org.apache.tomcat.util.net.Nio2Endpoint.bind(Nio2Endpoint.java:144)
at
org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1227)
at
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1240)
at
org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:603)
at
org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:80)
at
org.apache.catalina.connector.Connector.initInternal(Connector.java:1046)
at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:556)
at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1042)
at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.startup.Catalina.load(Catalina.java:724)
at org.apache.catalina.startup.Catalina.load(Catalina.java:746)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at
org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
at
org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
The cipher names does match:
https://wiki.openssl.org/index.php/TLS1.3#Ciphersuites
and
https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.4
I am lost at that point, maybe someone has an idea.
kind regards
Torsten
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
