tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James H. H. Lampert" <>
Subject Re: Problem: (GSKit) No compatible cipher suite available between SSL end points.
Date Wed, 04 Oct 2017 19:44:55 GMT
On 10/4/17, 12:26 PM, Christopher Schultz wrote:
> Hash: SHA256
> James,
. . .
> Okay so you are in no way interfering with the defaults. That means
> you'll get (depending upon your exact versions of various things) a
> Tomcat which supports TLSv1 or later, and most of the cipher suites
> that are shown as "default" above.
> Your choice of TLS certificate may affect some of the things that you
> can do, but I see that you've got an RSA certificate from the output
> from SSLLabs, so you shouldn't have any problems with a DSS
> certificate or anything like that. (Use of DSS certs these days is
> fairly rare).
. . .
> Strange. I would have expected Tomcat to enable more cipher suites
> with a default configuration given the SSLInfo output above.
> Are you sure you are using the same Java version with Tomcat as you
> did to run those commands above?

Dear Mr. Schultz:
It sure looks like the same Java version. Here is what the manager returns:
> Apache Tomcat/8.5.14 (Debian) 1.7.0_151-b01 Oracle Corporation Linux 	3.16.0-4-amd64

It would definitely be helpful if the OS/400 names of the cipher suites 
more precisely matched the Java names. To recap, the QSSLCSL system 
value on the AS/400 shows (using the OS/400 naming conventions)
> *RSA_RC4_128_SHA
> *RSA_RC4_128_MD5


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message