Posted to users@tomcat.apache.org by Sameer Umbrajkar <sa...@gmail.com> on 2019/01/06 13:13:07 UTC

Tomcat SSL - unsupported protocol or cipher suite error

Dear All,

I am trying to configure SSL (HTTPS) for Apache Tomcat 8.5.13. I am facing
the below error after importing the certificates.

==================================================================

This page can’t be displayed

Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try
connecting to https://localhost:8443 again. If
this error persists, it is possible that this site uses an unsupported
protocol or cipher suite such as RC4 (link for the details)
<http://go.microsoft.com/fwlink/?LinkId=735074>, which is not considered
secure. Please contact your site administrator

===================================================================


To generate Key store
keytool.exe -genkey -alias tomcat -keysize 2048 -keyalg RSA

To generate Certificate request i.e. CSR
keytool -certreq -keyalg RSA -alias tomcat -file boqa.csr -keystore E:\SSL\.keystore

To import chain (intermediate CA)
keytool -import -trustcacerts -alias intermediate -keystore E:\SSL\.keystore -file E:\SSL\MOFChain.cer

To import the signed server certificate
keytool -import -alias tomcat -keystore E:\SSL\.keystore -file E:\SSL\mbq.cer

We did not face any error while importing the signed certificates; however,
we are facing a TLS protocol/cipher suite related issue now.
Please help with your insights to resolve the issue.

Regards,

Sameer

Re: Tomcat SSL - unsupported protocol or cipher suite error

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Sameer,

On 1/7/19 14:27, Sameer Umbrajkar wrote:
> Dear Chris,
> 
> Could you help me out with the connector sample with sslhostconfig.
> I have mentioned the connector details in my previous email.

Try looking at the documentation reference I put into my last post and
trying to build your own. If it does not work or causes an error, post
back here for help.

-chris


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
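
Added example (not part of the thread and not Tomcat project code): the legacy connector posted earlier in this thread, rewritten in the <SSLHostConfig> form that the documentation link describes. The protocol and cipher lists are illustrative assumptions, the password is a placeholder, and the alias tomcat is assumed to be the key entry created by the keytool commands in the original post.

```xml
<!-- Added example. Legacy single-element form as posted in the thread
     (password replaced by a placeholder):

     <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
                port="8443" maxThreads="200" scheme="https" secure="true"
                SSLEnabled="true" keystoreFile="E:\SSL\.keystore"
                keystorePass="CHANGE_ME" clientAuth="false"
                sslProtocol="TLS"/>
-->

<!-- Same connector with the TLS settings moved into SSLHostConfig. -->
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true">

  <!-- protocols: explicit allow-list; a protocol that is not listed is
       disabled (assumption: only TLSv1.2 is wanted here).
       ciphers: JSSE suite names, comma separated (assumed selection; the
       last entry is the suite named in the thread).
       certificateVerification="none" replaces clientAuth="false". -->
  <SSLHostConfig protocols="TLSv1.2"
                 honorCipherOrder="true"
                 certificateVerification="none"
                 ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                          TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                          TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256">

    <!-- The alias must name an entry that holds the private key and the
         signed certificate chain, not only a trusted certificate.
         Keep the real password out of anything posted publicly. -->
    <Certificate type="RSA"
                 certificateKeystoreFile="E:\SSL\.keystore"
                 certificateKeystorePassword="CHANGE_ME"
                 certificateKeyAlias="tomcat"/>
  </SSLHostConfig>
</Connector>
```

The https.protocols and https.cipherSuites system properties are read by the JDK's HttpsURLConnection client and do not configure this connector; the protocols and ciphers attributes above do. Running keytool -list -v -keystore E:\SSL\.keystore should report the tomcat alias as a PrivateKeyEntry, since a keystore without a usable private key leaves the server with no cipher suite to offer.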


Re: Tomcat SSL - unsupported protocol or cipher suite error

Posted by Sameer Umbrajkar <sa...@gmail.com>.
Dear Chris,

Could you help me out with the connector sample with sslhostconfig. I have
mentioned the connector details in my previous email.


Re: Tomcat SSL - unsupported protocol or cipher suite error

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Sameer,

On 1/6/19 13:40, Sameer Umbrajkar wrote:
> Dear John & Raj,
>
> *My JVM version is 8.1.015 and Tomcat version is 8.5.13*
> Please see the version details below -
> ======================================================================
> E:\BOE\tomcat\bin>version
> Using CATALINA_BASE:   "E:\BOE\tomcat"
> Using CATALINA_HOME:   "E:\BOE\tomcat"
> Using CATALINA_TMPDIR: "E:\BOE\tomcat\temp"
> Using JRE_HOME:        "E:\BOE\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\"
> Using CLASSPATH:       "E:\BOE\tomcat\bin\bootstrap.jar;E:\BOE\tomcat\bin\tomcat-juli.jar"
> Server version: Apache Tomcat/8.5.13
> Server built:   Mar 27 2017 14:25:04 UTC
> Server number:  8.5.13.0
> OS Name:        Windows NT (unknown)
> OS Version:     10.0
> Architecture:   amd64
> JVM Version:    8.1.015
> JVM Vendor:     SAP AG
> E:\BOE\tomcat\bin>
> ======================================================================
>
> As suggested, I added the below parameters in the Java Options of the
> Tomcat configuration, but I am still facing the same error related to
> TLS protocol and ciphers
> ======================================================================
> -Dhttps.protocols=TLSv1.2
> -Dhttps.cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
> ======================================================================
> As requested, please find the HTTPS connector details below from server.xml
> ======================================================================
> <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
> port="8443" maxThreads="200" scheme="https" secure="true"
> SSLEnabled="true" keystoreFile="E:\SSL\.keystore"
> keystorePass="Am1@k123" clientAuth="false" sslProtocol="TLS"/>

It would be better to use the more modern configuration which includes
<SSLHostConfig> elements within your <Connector> elements.

http://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support

-chris


Re: Tomcat SSL - unsupported protocol or cipher suite error

Posted by Sameer Umbrajkar <sa...@gmail.com>.
Dear John & Raj,

*My JVM version is 8.1.015 and Tomcat version is 8.5.13*
Please see the version details below -
==========================================================================================
E:\BOE\tomcat\bin>version
Using CATALINA_BASE:   "E:\BOE\tomcat"
Using CATALINA_HOME:   "E:\BOE\tomcat"
Using CATALINA_TMPDIR: "E:\BOE\tomcat\temp"
Using JRE_HOME:        "E:\BOE\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\"
Using CLASSPATH:       "E:\BOE\tomcat\bin\bootstrap.jar;E:\BOE\tomcat\bin\tomcat-juli.jar"
Server version: Apache Tomcat/8.5.13
Server built:   Mar 27 2017 14:25:04 UTC
Server number:  8.5.13.0
OS Name:        Windows NT (unknown)
OS Version:     10.0
Architecture:   amd64
JVM Version:    8.1.015
JVM Vendor:     SAP AG
E:\BOE\tomcat\bin>
===========================================================================================

As suggested, I added the below parameters in the Java Options of the Tomcat
configuration, but I am still facing the same error related to TLS protocol and
ciphers
===========================================================================================
-Dhttps.protocols=TLSv1.2
-Dhttps.cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
===========================================================================================
As requested, please find the HTTPS connector details below from server.xml
===========================================================================================
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true"
keystoreFile="E:\SSL\.keystore" keystorePass="Am1@k123" clientAuth="false"
sslProtocol="TLS"/>
============================================================================================

Regards,

Sameer



-- 
sameer007

Re: Tomcat SSL - unsupported protocol or cipher suite error

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Rajendra,

On 1/6/19 11:57, Rajendra wrote:
> Yes, the TLS 1.2 protocol is not enabled by default prior to the
> jdk1.7.0_131 version. It has to be enabled explicitly in order to support
> TLS1.2 if you are using earlier versions of jdk1.7.

This is a Tomcat option and not a JDK option. If the JVM supports
TLSv1.2 and you have a reasonably recent version of Tomcat, the
default is to enable TLSv1, TLSv1.1, and TLSv1.2.

If you have specifically DISABLED those protocols (by specifying a
list of protocols that does NOT include them), then they will in fact
be disabled.

-chris



RE: Tomcat SSL - unsupported protocol or cipher suite error

Posted by Rajendra <ra...@gmail.com>.
Yes, the TLS 1.2 protocol is not enabled by default prior to the jdk1.7.0_131 version. It has to be enabled explicitly in order to support TLS1.2 if you are using earlier versions of jdk1.7.

Thanks !

Rajendra



Re: Tomcat SSL - unsupported protocol or cipher suite error

Posted by John Larsen <jo...@javapipe.com>.
I have run into this and solved it.

Basically it's due to JDK versions 7 and older.
Two options to fix.
1. upgrade to jdk8
2. Add the following to your JAVA_OPTS or CATALINA_OPTS:
-Dhttps.protocols=TLSv1.2
-Dhttps.cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

John


RE: Tomcat SSL - unsupported protocol or cipher suite error

Posted by Rajendra <ra...@gmail.com>.
Sameer, can you please share the Connector element for the SSL port in the server.xml file?

Also, what is the JDK version you are using?

Thanks !

Rajendra
