tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James H. H. Lampert" <jam...@touchtonecorp.com>
Subject Re: Problem: (GSKit) No compatible cipher suite available between SSL end points.
Date Thu, 05 Oct 2017 17:52:54 GMT
This just keeps getting weirder.

Late yesterday afternoon, I did a lengthy "stare-and-compare" between 
what SSLInfo returned for the two different Tomcat servers, and I 
couldn't find any differences. But then, I got called away from this on 
something that kept me in the office until after 7 PM.

Finally getting back to it, I looked at the "connector ciphers" on the 
Tomcat 8 manager (there isn't one on the Tomcat 7 manager), and saw that 
only 16 of the 36 ciphers that SSLInfo starred as "default" are actually 
enabled in Tomcat.

Then, using what Mr. Schultz told me about reading cipher names, I 
compared what actually *does* come up in the Tomcat 8 manager with the 
DSPSYSVAL on the AS/400. And I found that if
> *RSA_AES_256_CBC_SHA
is the same as
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

then maybe we DO have a common cipher, at least in theory (unless 
"ECDHE" makes it otherwise).

Unfortunately, I can't run the local box's Tomcat server through 
SSLLabs, because it's on a nonstandard port number, and Tomcat 7 doesn't 
have a "connector ciphers" button on the manager main page.

The cloud box is a Google Compute Engine instance. Is it possible that 
Google is somehow vetoing the handshake?

--
JHHL

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message