Hello Pavan,

Which client are you using to access Tomcat?
Which TLS versions are activated on that client?

Java 8 ships with SSL ciphers suitable for common browsers (in default 
configuration).

If the server is public, use https://www.ssllabs.com/ssltest/ to check the 
server ciphers.
If the server is not public, you can use e.g. https://github.com/rbsec/sslscan.
You need to check the ciphers of the server and which ciphers are enabled on 
the client side.

I would also recommend upgrading Tomcat because it is an ancient version and 
reached EOL many years ago.

Greetings, Thomas

> -----Original Message-----
> From: Pavan Kumar Tiruvaipati <ptiruvaip...@gmail.com>
> Sent: Wednesday, 15 June 2022 11:14
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: Re: SSL issue with Tomcat 6.0.45 and JRE 1.8.0
> 
> Hi,
> 
> Java ships cipher suites. We have printed all available cipher suites in our
> environment.
> 
> Tomcat is not able to enable SSL with JRE 1.8.0_333.
> 
> The error says that the client and the server couldn’t find a common cipher
> suite.
> 
> 1. Which cipher suite to be updated in tomcat to enable SSL ?
> 2. Where do we need to update the cipher suite in tomcat ? server.xml ?
> 
> Please advise me if there is any other way to fix the SSL issue. Thank you in
> advance.
> 
> Regards,
> Pavan
> 
> On Wed, Jun 15, 2022 at 1:34 PM Thomas Hoffmann (Speed4Trade GmbH)
> <thomas.hoffm...@speed4trade.com.invalid> wrote:
> 
> > Hello,
> > Java already ships with a broad variety of cipher suites.
> > The crypto providers are listed in the file java.security.
> > As long as you don’t modify this file, SSL should work just fine in
> > the default java-configuration.
> >
> > Greetings, Thomas
> >
> >
> > > -----Original Message-----
> > > From: Pavan Kumar Tiruvaipati <ptiruvaip...@gmail.com>
> > > Sent: Wednesday, 15 June 2022 09:56
> > > To: thomas.hoffm...@speed4trade.com.invalid
> > > Cc: Tomcat Users List <users@tomcat.apache.org>
> > > Subject: Re: SSL issue with Tomcat 6.0.45 and JRE 1.8.0
> > >
> > > Hi,
> > >
> > > Thanks for the quick response. I will print all the available cipher
> > > suites.
> > >
> > > Where do I need to update the cipher to support SSL ?
> > >
> > >
> > > Regards,
> > > Pavan
> > >
> > > On Wed, Jun 15, 2022 at 12:39 PM Thomas Hoffmann (Speed4Trade GmbH)
> > > <thomas.hoffm...@speed4trade.com.invalid> wrote:
> > >
> > > > Hello,
> > > >
> > > > > -----Original Message-----
> > > > > From: Pavan Kumar Tiruvaipati <ptiruvaip...@gmail.com>
> > > > > Sent: Wednesday, 15 June 2022 08:59
> > > > > To: Christopher Schultz <ch...@christopherschultz.net>
> > > > > Cc: Tomcat Users List <users@tomcat.apache.org>
> > > > > Subject: Re: SSL issue with Tomcat 6.0.45 and JRE 1.8.0
> > > > >
> > > > > Hi,
> > > > >
> > > > > Tomcat server started successfully.
> > > > >
> > > > > I'm seeing the following error in the tomcat logs when SSL is
> > > > > enabled in server.xml
> > > > >
> > > > > Application is not able to run on https://localhost:8080.
> > > > >
> > > > > 2022-06-15 12:02:43,923 [http-3003-1] DEBUG org.apache.tomcat.util.net.JIoEndpoint - Handshake failed
> > > > > javax.net.ssl.SSLHandshakeException: no cipher suites in common
> > > > >     at sun.security.ssl.Alert.createSSLException(Unknown Source)
> > > > >     at sun.security.ssl.Alert.createSSLException(Unknown Source)
> > > > >     at sun.security.ssl.TransportContext.fatal(Unknown Source)
> > > > >     at sun.security.ssl.TransportContext.fatal(Unknown Source)
> > > > >     at sun.security.ssl.TransportContext.fatal(Unknown Source)
> > > > >     at sun.security.ssl.ServerHello$T12ServerHelloProducer.chooseCipherSuite(Unknown Source)
> > > > >     at sun.security.ssl.ServerHello$T12ServerHelloProducer.produce(Unknown Source)
> > > > >     at sun.security.ssl.SSLHandshake.produce(Unknown Source)
> > > > >     at sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(Unknown Source)
> > > > >     at sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(Unknown Source)
> > > > >     at sun.security.ssl.ClientHello$ClientHelloConsumer.consume(Unknown Source)
> > > > >     at sun.security.ssl.SSLHandshake.consume(Unknown Source)
> > > > >     at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
> > > > >     at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
> > > > >     at sun.security.ssl.TransportContext.dispatch(Unknown Source)
> > > > >     at sun.security.ssl.SSLTransport.decode(Unknown Source)
> > > > >     at sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
> > > > >     at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
> > > > >     at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> > > > >     at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> > > > >     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:233)
> > > > >     at org.apache.tomcat.util.net.JIoEndpoint.setSocketOptions(JIoEndpoint.java:701)
> > > > >     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:503)
> > > > >     at java.lang.Thread.run(Unknown Source)
> > > > >
> > > > > If I disable SSL in tomcat server.xml, It's working with Non-SSL
> > > > > ( http://localhost:8080).
> > > > >
> > > > > Does Tomcat SSL configuration work with JRE 1.8.0 ? Are there
> > > > > any changes required to establish a handshake ?
> > > > >
> > > > > Please let me know if you need more details.
> > > > >
> > > > >
> > > > > Regards,
> > > > > Pavan
> > > > >
> > > > > On Tue, Jun 14, 2022 at 10:44 PM Christopher Schultz <
> > > > > ch...@christopherschultz.net> wrote:
> > > > >
> > > > > > Pavan,
> > > > > >
> > > > > > Please reply to the list and not me personally.
> > > > > >
> > > > > > On 6/14/22 11:21, Pavan Kumar Tiruvaipati wrote:
> > > > > > > <Connector port="8080"
> > > > > > >            maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> > > > > > >            enableLookups="false" disableUploadTimeout="true"
> > > > > > >            acceptCount="100" scheme="https" secure="true"
> > > > > > >            connectionTimeout="20000"
> > > > > > >            clientAuth="false" algorithm="SunX509" sslProtocol="TLS"
> > > > > > >            keystoreFile="conf/certificate" keystorePass="xxxxx"
> > > > > > >            useBodyEncodingForURI="true"
> > > > > > >            SSLEnabled="true"/>
> > > > > >
> > > > > > That all looks pretty straightforward.
> > > > > >
> > > > > > When you say it's "not working", can you be more specific?
> > > > > > Does the Tomcat server start? Are there any errors or warnings
> > > > > > in the logs?
> > > > > >
> > > > > > -chris
> > > > > >
> > > > > > > On Tue, Jun 14, 2022 at 7:30 PM Christopher Schultz
> > > > > > > <ch...@christopherschultz.net> wrote:
> > > > > > >
> > > > > > >     Pavan,
> > > > > > >
> > > > > > >     On 6/14/22 08:32, Pavan Kumar Tiruvaipati wrote:
> > > > > > >      > We have replaced JDK 1.8 with JRE 1.8.0_333.
> > > > > > >      >
> > > > > > >      > SSL configuration was working fine with Tomcat 6.0.45
> > > > > > >      > before replacing JDK with JRE.
> > > > > > >      >
> > > > > > >      > Now it's not working.
> > > > > > >      >
> > > > > > >      > In server.xml, SSL Protocol is set to "TLS".
> > > > > > >      >
> > > > > > >      > Does Tomcat 6.0.45 support SSL with JRE 1.8.0_333 ?
> > > > > > >      >
> > > > > > >      > Are there any specific protocols / versions to be
> > > > > > >      > used to enable SSL ?
> > > > > > >
> > > > > > >     Please post your <Connector> configuration. Remove any
> > > > > > >     secrets that may be in there (e.g. passwords).
> > > > > > >
> > > > > > >     -chris
> > > > > > >
> > > > > >
> > > >
> > > > The error says that the client and the server couldn’t find a
> > > > common cipher suite.
> > > > They couldn’t agree on any cipher.
> > > > Does your keystore contain a valid private key?
> > > >
> > > > Maybe you can try to print out all available cipher suites on your
> > > > environment:
> > > >
> > > > https://stackoverflow.com/questions/9333504/how-can-i-list-the-available-cipher-algorithms
> > > > You can add the code to a jsp-page and print out the available
> > > > algorithms.
> > > >
> > > > Greetings,
> > > > Thomas
> > > >
> > > >
> >
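
Added example, not part of the original thread: a standalone Java 8 diagnostic for the two server-side checks raised above, namely which cipher suites the JRE enables for server sockets and whether the keystore holds a private key those suites can use. The class name `CipherCheck` is hypothetical, the keystore is assumed to be in JKS format, and matching suites to keys by name is a heuristic.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
// Added diagnostic; the class name CipherCheck is hypothetical.
// Usage: java CipherCheck [keystoreFile keystorePass]
public class CipherCheck {
    // Token found in TLS 1.2 suite names for each server key algorithm (name heuristic).
    static String authToken(String keyAlg) {
        switch (keyAlg) {
            case "RSA": return "_RSA_";
            case "EC":  return "_ECDSA_";
            case "DSA": return "_DSS_";
            default:    return null;
        }
    }
    public static void main(String[] args) throws Exception {
        // Suites this JRE enables by default for server sockets.
        String[] enabled = SSLContext.getDefault().getServerSocketFactory().getDefaultCipherSuites();
        System.out.println("JRE " + System.getProperty("java.version") + ", " + enabled.length + " suites enabled");
        System.out.println("jdk.tls.disabledAlgorithms=" + Security.getProperty("jdk.tls.disabledAlgorithms"));
        if (args.length < 2) {               // no keystore given: just list the suites
            for (String s : enabled) System.out.println("  " + s);
            return;
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); // assumes a JKS keystore
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        int keyEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (!ks.isKeyEntry(alias) || cert == null) {
                System.out.println(alias + ": no private key with certificate, unusable for TLS");
                continue;
            }
            keyEntries++;
            String alg = cert.getPublicKey().getAlgorithm();
            String token = authToken(alg);
            int usable = 0;
            for (String s : enabled) if (token != null && s.contains(token)) usable++;
            System.out.println(alias + ": " + alg + " key, " + usable + " enabled suites match it");
        }
        if (keyEntries == 0) System.out.println("No key entry: the server has nothing to authenticate with");
    }
}
```

Run it with the same JRE that starts Tomcat; an alias that reports zero matching suites, or a keystore with no key entry at all, leaves the server with no suite it can offer to any client.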
