James,
On 8/5/20 16:39, James H. H. Lampert wrote:
> First, I did a quick SSLLabs scan on the server. That told me that
> "sslEnabledProtocols" in an SSLHostConfig was indeed wrong. And it
> told me that all simulated Chrome handshakes failed, but
Good job with those tests and good luck with the real site!
Dream * Excel * Explore * Inspire
Jon McAlexander
Asst Vice President
Middleware Product Engineering
Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions
8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Jon McAlexander wrote:
Most likely then you need to find a cipher list that is valid for TLSv1.2, such
as below:
ACCEPTABLE
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
-Original Message-
From: James H. H. Lampert
Sent: Wednesday, August 5, 2020 1:06 PM
To: Tomcat Users List
Subject: Re: Connector works fine with Firefox, but not on speaking terms with
Chrome!
On 8/5/20 10:43 AM, calder wrote:
> certificateVerificationh="none"
>
> there's one issue (misspelling), though may not be a contributing
> factor.
Corrected; no effect.
Jon McAlexander wrote:
I believe that
protocols="TLSv1.2">
should be
sslEnabledProtocol="TLSv1.2"
My understanding of the
On Wed, Aug 5, 2020, 12:22 James H. H. Lampert
wrote:
> I've now managed to get an experimental copy of our development AWS EC2
> instance working with a cert from Let's Encrypt, and I've got Tomcat to
> launch with a modified connector that uses the LE certs rather than a
> Java Keystore file.
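
Added example, not part of the original thread or of Tomcat itself: a small check that lists attribute names on an SSLHostConfig element that are not in an allow-list, which catches a typo such as certificateVerificationh before the connector is deployed. The allow-list is a partial one assumed from the Tomcat 8.5/9 configuration reference, and the function name, file paths and sample fragment are constructed for illustration.

```python
import difflib
import xml.etree.ElementTree as ET

# Partial allow-list of SSLHostConfig attribute names (assumption: taken from
# the Tomcat 8.5/9 configuration reference; extend it for your version).
KNOWN_ATTRS = {
    "hostName", "protocols", "ciphers", "certificateVerification",
    "certificateVerificationDepth", "honorCipherOrder", "sessionCacheSize",
    "sessionTimeout", "truststoreFile", "truststorePassword", "truststoreType",
    "caCertificateFile", "caCertificatePath", "disableCompression",
    "disableSessionTickets", "insecureRenegotiation", "sslProtocol",
    "revocationEnabled",
}

# Constructed sample: a connector fragment carrying the two attribute names
# questioned in the thread, plus two cipher suites from the list above.
SAMPLE = """
<Connector port="8443" SSLEnabled="true">
  <SSLHostConfig certificateVerificationh="none"
                 sslEnabledProtocol="TLSv1.2"
                 ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256">
    <Certificate certificateFile="conf/cert.pem"
                 certificateKeyFile="conf/privkey.pem"/>
  </SSLHostConfig>
</Connector>
"""


def lint_ssl_host_configs(xml_text):
    """Return (attribute, suggestion-or-None) for each unrecognised attribute."""
    findings = []
    root = ET.fromstring(xml_text)
    for host in root.iter("SSLHostConfig"):
        for name in host.attrib:
            if name in KNOWN_ATTRS:
                continue
            # Only suggest a replacement when the name is a near-miss (typo);
            # a loosely similar name would be a misleading hint.
            close = difflib.get_close_matches(
                name, sorted(KNOWN_ATTRS), n=1, cutoff=0.8)
            findings.append((name, close[0] if close else None))
    return findings


if __name__ == "__main__":
    for name, hint in lint_ssl_host_configs(SAMPLE):
        print(f"unknown SSLHostConfig attribute {name!r}"
              + (f" (did you mean {hint!r}?)" if hint else ""))
```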