tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James H. H. Lampert" <jam...@touchtonecorp.com>
Subject Re: Problem: (GSKit) No compatible cipher suite available between SSL end points.
Date Wed, 04 Oct 2017 01:23:03 GMT
I wrote:
>> I mean, I know that I need to get HTTPAPI and Tomcat speaking the
>> same language, but where do I begin?

Christopher Schultz (Tomcat List) wrote:
> First, I would check to see what Tomcat is actually advertising.
> There are several ways to do that. One of them is to use Qualys's
> SSLLabs server test:
>
> https://www.ssllabs.com/ssltest/

Thanks, Mr. Schultz. That gives me a start.

Ok, here's what I got back.
> Protocols
> TLS 1.3 	No
> TLS 1.2 	Yes
> TLS 1.1 	Yes
> TLS 1.0 	Yes
> SSL 3 	No
> SSL 2 	No

> Cipher Suites
> # TLS 1.2 (server has no preference)
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH secp521r1 (eq. 15360 bits RSA)   FS
	128
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)   ECDH secp521r1 (eq. 15360 bits RSA)
  FS 	128
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH secp521r1 (eq. 15360 bits RSA)   FS
	256
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   ECDH secp521r1 (eq. 15360 bits RSA)
  FS 	256
> # TLS 1.1 (server has no preference)
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH secp521r1 (eq. 15360 bits RSA)   FS
	128
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH secp521r1 (eq. 15360 bits RSA)   FS
	256
> # TLS 1.0 (server has no preference)
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH secp521r1 (eq. 15360 bits RSA)   FS
	128
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH secp521r1 (eq. 15360 bits RSA)   FS
	256

I may have known how to determine what HTTPAPI supports, but if so, I've 
forgotten. Ditto for adding protocols to Tomcat.

As to the client end, it's using HTTPAPI 1.24, running on an AS/400 
that's at V6R1.

--
JHHL

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message