tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James H. H. Lampert" <>
Subject Re: Problem: (GSKit) No compatible cipher suite available between SSL end points.
Date Thu, 05 Oct 2017 17:52:54 GMT
This just keeps getting weirder.

Late yesterday afternoon, I did a lengthy "stare-and-compare" between 
what SSLInfo returned for the two different Tomcat servers, and I 
couldn't find any differences. But then, I got called away from this on 
something that kept me in the office until after 7 PM.

Finally getting back to it, I looked at the "connector ciphers" on the 
Tomcat 8 manager (there isn't one on the Tomcat 7 manager), and saw that 
only 16 of the 36 ciphers that SSLInfo starred as "default" are actually 
enabled in Tomcat.

Then, using what Mr. Schultz told me about reading cipher names, I 
compared what actually *does* come up in the Tomcat 8 manager with the 
DSPSYSVAL on the AS/400. And I found that if
is the same as

then maybe we DO have a common cipher, at least in theory (unless 
"ECDHE" makes it otherwise).

Unfortunately, I can't run the local box's Tomcat server through 
SSLLabs, because it's on a nonstandard port number, and Tomcat 7 doesn't 
have a "connector ciphers" button on the manager main page.

The cloud box is a Google Compute Engine instance. Is it possible that 
Google is somehow vetoing the handshake?


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message