James,

On 1/1/25 3:10 PM, James H. H. Lampert wrote:
On 12/29/24 3:34 PM, Christopher Schultz wrote:
Do you have a capture of the exact error? Handshake errors typically include at least a terse amount of detail.


Here is what I get, after clicking the "details" button:
<Sad document icon>
This site can’t provide a secure connection
<REDACTED>.com uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
<Hide details button>
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.

The "Security Overview" in developer tools simply says, "This is an error page."

Is it possible that you are using a self-signed cert in this case? If you do not import the signed certificate properly into the keystore, you can end up with your private key+cert separate from the signed one from the CA.

If you only have a single item in the keystore, that's not the issue but double-check the Issuer and Subject of the cert. They should be different if you are using a CA -- even if it's an internal CA like My-Company-CA or whatever.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH really suggests Chrome doesn't like the TLS protocol version or can't match a cipher suite but that doesn't jive with your Qualys results. You are hitting this Tomcat instance directly, right? Not through a proxy or anything that might be performing its own TLS handshake that isn't Tomcat?

-chris
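
The keystore check suggested above (compare Issuer and Subject, and look for the signed certificate sitting under a separate alias from the private key) can be run over `keytool -list -v` output. This is an added example, not code from the thread; the sample listing, aliases and names in it are constructed, and `keytool` prints the Subject as "Owner".

```python
import re

# Constructed sample of `keytool -list -v` output (not from the thread): the
# CA reply was imported under a new alias, so the key entry is still self-signed.
SAMPLE = """\
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.example.test, O=Example
Issuer: CN=www.example.test, O=Example

Alias name: signed
Entry type: trustedCertEntry

Owner: CN=www.example.test, O=Example
Issuer: CN=My-Company-CA, O=Example
"""

def parse_entries(text):
    """Return one dict per alias with its entry type and first Owner/Issuer."""
    entries = []
    for line in text.splitlines():
        m = re.match(r"\s*(Alias name|Entry type|Owner|Issuer):\s*(.*)", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "Alias name":
            entries.append({"alias": value})
        elif entries:
            # setdefault keeps the leaf cert (Certificate[1]) when a chain is listed
            entries[-1].setdefault(key, value)
    return entries

def findings(text):
    entries = parse_entries(text)
    out = []
    keys = [e for e in entries if e.get("Entry type") == "PrivateKeyEntry"]
    for e in keys:
        if e.get("Owner") == e.get("Issuer"):
            out.append(f"{e['alias']}: key entry is self-signed (Owner == Issuer)")
    for e in entries:
        if e.get("Entry type") == "trustedCertEntry" and any(
                e.get("Owner") == k.get("Owner") for k in keys):
            out.append(f"{e['alias']}: cert for the same subject stored apart from the key")
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE)))
```
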

