-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 All,
On 4/12/16 2:32 PM, Christopher Schultz wrote: > Lyallex, > > On 4/12/16 2:11 PM, Lyallex wrote: >> On 12 April 2016 at 18:06, Lyallex <lyal...@gmail.com> wrote: >>> apache-tomcat-7.0.42 as standalone web server jdk1.7.0_45 >>> Ubuntu 12.10 >>> >>> Greetings >>> >>> I'm sure this is an old chestnut but it's got me stumped >>> >>> I just purchased and installed my first ever ssl certificate I >>> had it installed and apparently running in no time. I should of >>> course have been suspicious that it all went so smoothly but >>> I though it was about time I got a break ... no such luck. >>> >>> Clicking the padlock in chrome I get >>> >>> Your connection to 192.168.1.68 is encrypted using an obsolete >>> cipher suit. >>> >>> The connection uses TLS 1.2. >>> >>> The connection is encrypted using AES_128_CBC with HMAC-SHA1 >>> for message authentication and ECDHE_RSA as the key exchange >>> mechanism. > >> jdk1.8.0.77 fixed it > >> Should have know it was a Java (as opposed to Tomcat) problem > > You did have this cipher suite configured in your <Connector>, > though: > > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA > > That's the one Chrome was complaining about. (Though I'm not sure > why it doesn't like that cipher suite). Aaaand it's obvious, now. I was only looking at the cipher and hashing algorithms. I didn't see the "AES + CBC" which is a red flag these days. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlcNP3kACgkQ9CaO5/Lv0PBx5ACfaz2VUHZNWnFr7QhCrWwLO9Db e98AnRC4t0Hkz5FTM7jUriXnI8uRhMjG =Xixo -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org