Return-Path: <users-return-262820-archive-asf-public=cust-asf.ponee.io@tomcat.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 6333D200D0A
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Wed,  4 Oct 2017 21:45:03 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id 6184A1609DD; Wed,  4 Oct 2017 19:45:03 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id A5DFB1609D6
	for <archive-asf-public@cust-asf.ponee.io>; Wed,  4 Oct 2017 21:45:02 +0200 (CEST)
Received: (qmail 19718 invoked by uid 500); 4 Oct 2017 19:45:01 -0000
Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@tomcat.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@tomcat.apache.org>
List-Post: <mailto:users@tomcat.apache.org>
List-Id: <users.tomcat.apache.org>
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Delivered-To: mailing list users@tomcat.apache.org
Received: (qmail 19707 invoked by uid 99); 4 Oct 2017 19:45:01 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 04 Oct 2017 19:45:00 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 336021A0ADC
	for <users@tomcat.apache.org>; Wed,  4 Oct 2017 19:45:00 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -2.3
X-Spam-Level: 
X-Spam-Status: No, score=-2.3 tagged_above=-999 required=6.31
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001,
	RCVD_IN_MSPIKE_H2=-2.8, RCVD_IN_SORBS_SPAM=0.5] autolearn=disabled
Authentication-Results: spamd2-us-west.apache.org (amavisd-new);
	dkim=pass (2048-bit key)
	header.d=touchtonecorp-com.20150623.gappssmtp.com
Received: from mx1-lw-eu.apache.org ([10.40.0.8])
	by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024)
	with ESMTP id QqCJ1RNMoC_2 for <users@tomcat.apache.org>;
	Wed,  4 Oct 2017 19:44:59 +0000 (UTC)
Received: from mail-pf0-f182.google.com (mail-pf0-f182.google.com [209.85.192.182])
	by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 5C7345FCDA
	for <users@tomcat.apache.org>; Wed,  4 Oct 2017 19:44:58 +0000 (UTC)
Received: by mail-pf0-f182.google.com with SMTP id l188so6770289pfc.6
        for <users@tomcat.apache.org>; Wed, 04 Oct 2017 12:44:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=touchtonecorp-com.20150623.gappssmtp.com; s=20150623;
        h=message-id:date:from:user-agent:mime-version:to:subject:references
         :in-reply-to:content-transfer-encoding;
        bh=uaCsIakE/mBdjq19EPSJ5Dai3ORDIYitftVanZ1rlOA=;
        b=VG6A8G+mKWgMudKt7PVF0Us/WqcAKABSs5Jbh0nWEZBzeAve/NsvbXxxmMM5JBDsR6
         kwSjks7As2/2AUQp4SKj9C4PHqMlOfXI0x6Ub5PbZKF+p1FIez27TuiR4TGr5TbOmg3X
         NPRNHWy4K5WN8O7eBEsB0AApcVD2cDCP37dVc77YmSUjU05kgIhJt32ZCJJLbKeTzoRI
         i5ug3w7VjKyBX4r7cvj2hVdVvMlwg3NMmwu0NUc92A2nFrjX6IgXj02nbYiqhFjtzLme
         LOPA1eCYiei6DswuPvH24tNL/kCBKIY2TLTxLRbHlOJjHiffuEgJrXKw1vq8tmVVrpd/
         R+hA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to
         :subject:references:in-reply-to:content-transfer-encoding;
        bh=uaCsIakE/mBdjq19EPSJ5Dai3ORDIYitftVanZ1rlOA=;
        b=eVJQNQY3oIVYvfcQRbfS9Y7MwbPIAm+taE+Rd+LyIHPK4x+VJ6m39JrUUq8XhaszOq
         +dJgdVxKTHZFweIxh6eW9W1LLl9As94D3ALp8TCb7TNB67BVZeUd1zrZSR3U1rXXxCoa
         EcopkTJMiumlm/n+GcISYqZmT3i3WElpDbUHiGgh6BtO9IihVjByktFykdYSyCxz1SWr
         4slmRPLHLtxaexCvMaGQ5bdC3kDTieX9tdcHnScofAzNC2iNPTcFwnOz9N864YHz/GV+
         qyDwtdoGybblyibfcCilHIrU8OcErFLbHFuL43+2IHR/6vkhYEUJMpZISC8f3Gd2DXTh
         Rajw==
X-Gm-Message-State: AHPjjUgwZXU0cRChmA3T4gzl62Q3FIFSzvUeXvxPxmhks2pT5T3ItvhK
	hb1OoFJv6sZU/8LBNydjc08z91I=
X-Google-Smtp-Source: AOwi7QCGeqlXRUmVhDQQg6wQ6Dbw6PjZmfSc8DSj0ChXjrSnvjFSqAdFNJPTUnksQ+WrRWeUnq39Xw==
X-Received: by 10.98.58.16 with SMTP id h16mr21449246pfa.153.1507146296629;
        Wed, 04 Oct 2017 12:44:56 -0700 (PDT)
Received: from Jamess-Mac-mini.local (rrcs-76-79-179-74.west.biz.rr.com. [76.79.179.74])
        by smtp.googlemail.com with ESMTPSA id z8sm26914361pgs.41.2017.10.04.12.44.55
        (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
        Wed, 04 Oct 2017 12:44:56 -0700 (PDT)
Message-ID: <59D53A37.1010902@touchtonecorp.com>
Date: Wed, 04 Oct 2017 12:44:55 -0700
From: "James H. H. Lampert" <jamesl@touchtonecorp.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:17.0) Gecko/17.0 Thunderbird/17.0
MIME-Version: 1.0
To: Tomcat Users List <users@tomcat.apache.org>,
 HTTPAPI and FTPAPI Projects <ftpapi@lists.scottklement.com>
Subject: Re: Problem: (GSKit) No compatible cipher suite available between
 SSL end points.
References: <59D406BB.40308@touchtonecorp.com> <723f12a7-b302-207a-e594-c3e2bd9f098d@christopherschultz.net> <59D51228.3050704@touchtonecorp.com> <ddb67266-6ce2-41a9-8fd3-04a1db71d5c8@christopherschultz.net> <59D5333E.7060802@touchtonecorp.com> <56663fb1-e7ef-9ea5-034b-f1e1a3975bb9@christopherschultz.net>
In-Reply-To: <56663fb1-e7ef-9ea5-034b-f1e1a3975bb9@christopherschultz.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
archived-at: Wed, 04 Oct 2017 19:45:03 -0000

On 10/4/17, 12:26 PM, Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> James,
. . .
> Okay so you are in no way interfering with the defaults. That means
> you'll get (depending upon your exact versions of various things) a
> Tomcat which supports TLSv1 or later, and most of the cipher suites
> that are shown as "default" above.
>
> Your choice of TLS certificate may affect some of the things that you
> can do, but I see that you've got an RSA certificate from the output
> from SSLLabs, so you shouldn't have any problems with a DSS
> certificate or anything like that. (Use of DSS certs these days is
> fairly rare).
. . .
> Strange. I would have expected Tomcat to enable more cipher suites
> with a default configuration given the SSLInfo output above.
>
> Are you sure you are using the same Java version with Tomcat as you
> did to run those commands above?

Dear Mr. Schultz:
It sure looks like the same Java version. Here is what the manager returns:
> Apache Tomcat/8.5.14 (Debian) 1.7.0_151-b01 Oracle Corporation Linux 	3.16.0-4-amd64 	amd64

It would definitely be helpful if the OS/400 names of the cipher suites 
more precisely matched the Java names. To recap, the QSSLCSL system 
value on the AS/400 shows (using the OS/400 naming conventions)
> *RSA_AES_128_CBC_SHA
> *RSA_RC4_128_SHA
> *RSA_RC4_128_MD5
> *RSA_AES_256_CBC_SHA
> *RSA_3DES_EDE_CBC_SHA
> *RSA_DES_CBC_SHA
> *RSA_EXPORT_RC4_40_MD5
> *RSA_EXPORT_RC2_CBC_40_MD5
> *RSA_NULL_SHA
> *RSA_NULL_MD5

--
JHHL

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org