Hi all:

Certainly late on the SHA-2 move from SHA-1 SSL certificates, but ours hadn't 
expired yet and wasn't causing any issues.  Our environment is Windows Server 
2008 R2, JVM 1.6.0_22-b04 and Apache Tomcat 6.0.26.

I'm testing replacement of my soon-to-expire SHA-1 certificate with an SHA-2. 
Regardless of what I give as the SSL HTTP / 1.1 connector description in 
server.xml I get invalid ssl conf and cipher error messages in the catalina.log 
file. In server.xml in place of the ciphers= parameter I've tried: the current 
line which has worked since 2013 with the SHA-1 certificate, removed the 
ciphers=, ciphers=HIGH, ciphers=RSA, ciphers=ALL and then the same existing 
line but with all of the 128's as 256's.

The output in catalina.log is:

SEVERE: Error initializing endpoint
java.io.IOException: jsse.invalid_ssl_conf
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:755)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:460)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:130)
        at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
        at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
        at org.apache.catalina.connector.Connector.initialize(Connector.java:1014)
        at org.apache.catalina.core.StandardService.initialize(StandardService.java:680)
        at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:548)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
        at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(Unknown Source)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:751)
        ... 15 more

Any resolution from others who have encountered this already or new directions 
to point me in would be appreciated.

Thanks,

John

John J. Fuchs
IACS - Lead Information Technologist

Rensselaer Polytechnic Institute
J. Bldg. Room 5202
1223 Peoples Avenue
Troy, NY 12180-3590

phone: 518.276.2079
   fax: 518.276.4834
email: fuc...@rpi.edu
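
An added diagnostic (not part of the original post and not Tomcat code) for the root-cause line in the trace, "No available certificate or key corresponds to the SSL cipher suites which are enabled": it lists each keystore entry, whether it holds a private key, and how many of the JVM's supported suites name that key type. The keystore path, password and type are command-line assumptions, since the post does not show the connector's keystore settings, and the suite-name matching is a heuristic.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLServerSocketFactory;

// Added diagnostic, not from the original post. Arguments are assumptions:
// the keystore file and password the HTTPS connector uses, optional type (JKS, PKCS12).
public class KeystoreCipherCheck {
    // Heuristic: map the certificate's key algorithm to the authentication
    // token used in JSSE cipher suite names (TLS 1.3 names carry no such token).
    static String authToken(String keyAlg) {
        if ("DSA".equals(keyAlg)) return "_DSS_";
        if ("EC".equals(keyAlg)) return "_ECDSA_";
        return "_" + keyAlg + "_"; // RSA -> _RSA_
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: KeystoreCipherCheck <keystore> <storepass> [type]");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance(args.length > 2 ? args[2] : KeyStore.getDefaultType());
        FileInputStream in = new FileInputStream(args[0]);
        try { ks.load(in, args[1].toCharArray()); } finally { in.close(); }

        String[] suites = ((SSLServerSocketFactory) SSLServerSocketFactory.getDefault())
                .getSupportedCipherSuites();
        int keyEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                // A certificate stored without its private key cannot serve TLS.
                System.out.println(alias + ": trusted-certificate entry (no private key)");
                continue;
            }
            keyEntries++;
            Certificate cert = ks.getCertificate(alias);
            if (cert == null) { System.out.println(alias + ": key entry, no certificate"); continue; }
            String keyAlg = cert.getPublicKey().getAlgorithm();
            String sigAlg = cert instanceof X509Certificate
                    ? ((X509Certificate) cert).getSigAlgName() : "n/a";
            int matching = 0;
            for (String s : suites) if (s.contains(authToken(keyAlg))) matching++;
            System.out.println(alias + ": private-key entry, key=" + keyAlg + ", signature=" + sigAlg
                    + ", supported suites naming this key type=" + matching + " of " + suites.length);
        }
        if (keyEntries == 0) System.out.println("No private-key entries: no certificate-based suite can be used.");
    }
}
```

Run it with the same JVM that starts Tomcat, so the supported-suite list matches what the connector sees.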
