tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Problem: (GSKit) No compatible cipher suite available between SSL end points.
Date Wed, 04 Oct 2017 00:49:06 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

James,

On 10/3/17 5:52 PM, James H. H. Lampert wrote:
> Dear Mr. Klement, and members of the Tomcat List:
> 
> I have a series of AS/400 programs using HTTPAPI to access
> services hosted by a webapp running under Tomcat.
> 
> Up until now, I've only tested this configuration with Tomcat 7,
> running on a local Linux (CentOS) box, and the last time I tested
> it, it worked fine.
> 
> Today, for the first time, I tried changing the HTTPAPI calls to
> access essentially the same webapp, only running in Tomcat 8 on a
> cloud server, in order to find any places where the calls need to
> be updated to keep up with changes in the services.
> 
> And I didn't even get that far. Instead, the SSL handshake failed
> with
>> (GSKit) No compatible cipher suite available between SSL end
>> points.
> 
> Now what?
> 
> I mean, I know that I need to get HTTPAPI and Tomcat speaking the
> same language, but where do I begin?

First, I would check to see what Tomcat is actually advertising. There
are several ways to do that. One of them is to use Qualys's SSLLabs
server test:

https://www.ssllabs.com/ssltest/

Note that this tool only works for publicly-accessible servers.

If you have a private server, you'll need to resort to something a
little more complicated. I wrote a Java program to do just this. You
are welcome to use it:

https://wiki.apache.org/tomcat/tools/SSLTest.java
and
https://wiki.apache.org/tomcat/tools/SSLUtils.java

Once you know what cipher suites are actually supported by the server,
you can have a look at the ones supported by the HTTPAPI client to
make sure you have some overlap.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlnUMAIdHGNocmlzQGNo
cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFi7Rw//ZUb3T3GPjJ6yHjOs
bv09fY33iei8NXJYleHbzHs1XNVDRL8MMEtzc64g2DX9K5ducUqZEOpb5tSj7XiK
2uOsp5qaMplwFAgeY6kaAptaajuiz+WFDZXDOTRvcFTgwCEN2shsQDsJUd3EaXHj
NpduLueXpAY8B1V8GOAKQx2ZJxWO+puLDd8h0Ao/ojRmcxksFonBL8/Be6ZYTC4b
n5swZc9Hj8gs50ZkIrCfvNhOE+t7DJ2OH8WFJFdaNfHB/bWv1A3FyZ9bI9sgG+Ym
/EFH1khaWzH9AoB2Zv2dFD/D2ZDw2P30FJW1TZytcAQ6AhZo5fmMWNnKLMuu42Gw
EHGssKqohCIhQ7Cy5s3knigIwHURoXPo9shlDFJB/GQcTKcX8VCtTvDw23Ka0qQB
bjgmnrhb00dycBzFTiacG9RXrs7cMsYpgqzUFBTTYhDh0BhuQiwBQiTKo+dpoYab
XTuEPEeuUmV9HTW5+kPL1YXw8RSNxCgUvTA6w9jK4QE4CKp4WMi2ESAW/toB0XcR
yx9ZGqiDlYv732/8ID17P9/HN3GFskBGc90jjURmUtaLmPsidR9Ja7zU3zGHl2EQ
MyNTKrdpaXgwQMiFSNwbKqTXqY1Q6e4PfYjzsyPidah/FlhQd+nPXgievNLYp973
ifcIoyO9cd60yYnwW7y6TL3foXA=
=aRsw
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message