I would like to know if anyone has a working example of getting TLS 1.2 working on Tomcat 7.0.55, so that it can be accessed by the latest version of Chrome and Firefox. Either my Tomcat configuration is wrong, or there is another problem outside of Tomcat that is keeping me from connecting to it. Here is the background:

I have a small private website running on Tomcat 7.0.55 on Ubuntu 14.04. I set it up over two years ago to use HTTPS only, and as far as I know it’s still working fine. Unfortunately I can no longer reach it because when I try to access it through the latest Chrome browser I get this error:

"A secure connection cannot be established because this site uses an unsupported protocol.
Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH"

With the latest Firefox I get this:

"Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)"

Of course, neither Chrome nor Firefox give you any information about what ciphers/SSL versions would actually **work**, they just tell you that what you've got isn't working. I have spent the entire day trying to force Tomcat to use some version of TLS. I have Googled and posted on StackExchange. Unfortunately most of the online information I have found simply does not seem to work. I either get a configuration error in the Tomcat console or the same messages I referenced above.

Here's my SSL connector entry from server.xml:

<Connector port="8484" protocol="HTTP/1.1" SSLEnabled="true"
          maxThreads="150" scheme="https" secure="true"
          keystoreFile="/path/mykeystore"
          keystorePass="password"
          clientAuth="false"
          sslProtocol="TLS"
          sslEnabledProtocols="TLS" />


So far based on the Tomcat 7.0 docs, I have tried the following configuration changes:

sslEnabledProtocols="TLS"
sslEnabledProtocols="TLSv1"
sslEnabledProtocols="TLSv1.1"
sslEnabledProtocols="TLSv1.2"
sslEnabledProtocols="TLSv1.1,TLSv1.2"

With most of these, I don't get any error in the console (I have logging set to ALL), but I also have not been able to get either Chrome or Firefox to connect.

I have also tried various combinations of "sslProtocols=" and "cipher=", also with no luck.

Can anyone post a sample <connector> configuration that works?
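
A small lint for the question above, added here as an example rather than anything from Tomcat or the original poster: it reads a <Connector/> element and checks the sslEnabledProtocols tokens against the protocol version names JSSE reports (TLSv1, TLSv1.1, TLSv1.2, SSLv3, SSLv2Hello), which is a different namespace from the SSLContext algorithm name "TLS" that belongs in sslProtocol. The two connector strings are constructed samples (the first mirrors the posted one); the cipher suite names in the hardened sample are standard JSSE names and assume a JVM that supports them.

```python
import xml.etree.ElementTree as ET

# Protocol version names JSSE (Java 7/8) reports from getSupportedProtocols();
# sslEnabledProtocols tokens are matched against these, not against
# SSLContext algorithm names such as "TLS" (that is what sslProtocol takes).
JSSE_VERSIONS = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
# Versions current browsers refuse: enabling them adds exposure, not reach.
WEAK_VERSIONS = {"SSLv2Hello", "SSLv3"}


def lint_connector(connector_xml):
    """Lint one <Connector/> element; returns token lists plus findings."""
    conn = ET.fromstring(connector_xml)
    report = {"enabled": [], "unknown": [], "weak": [], "findings": []}
    if conn.get("SSLEnabled", "false").lower() != "true":
        report["findings"].append("SSLEnabled is not true: plain HTTP connector")
        return report
    raw = conn.get("sslEnabledProtocols", "")
    for tok in filter(None, (t.strip() for t in raw.split(","))):
        if tok not in JSSE_VERSIONS:
            report["unknown"].append(tok)
            report["findings"].append(
                f'"{tok}" is not a JSSE protocol version name; put "TLS" in '
                'sslProtocol and list versions (e.g. TLSv1.2) in sslEnabledProtocols')
        else:
            report["enabled"].append(tok)
            if tok in WEAK_VERSIONS:
                report["weak"].append(tok)
                report["findings"].append(f"{tok} is enabled and should be removed")
    if not report["enabled"]:
        report["findings"].append("no usable version listed: JVM defaults apply")
    if not conn.get("ciphers"):
        report["findings"].append("no ciphers attribute: JVM default suites apply")
    return report


# Constructed samples: AS_POSTED mirrors the connector in the question.
AS_POSTED = """<Connector port="8484" protocol="HTTP/1.1" SSLEnabled="true"
  maxThreads="150" scheme="https" secure="true"
  keystoreFile="/path/mykeystore" keystorePass="password"
  clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLS" />"""

HARDENED = """<Connector port="8484" protocol="HTTP/1.1" SSLEnabled="true"
  maxThreads="150" scheme="https" secure="true"
  keystoreFile="/path/mykeystore" keystorePass="password"
  clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2"
  ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" />"""

if __name__ == "__main__":
    for name, xml in (("as posted", AS_POSTED), ("hardened", HARDENED)):
        print(name, lint_connector(xml)["findings"])
```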

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org