Yes, TLS 1.2 protocol not enabled by default prior to jdk1.7.0_131 version. It has to enabled explicitly in order to support TLS1.2 if you are using earlier versions of jdk1.7.
Thanks ! Rajendra From: John Larsen Sent: 06 January 2019 11:17 To: Tomcat Users List Subject: Re: Tomcat SSL - unsupported protocol or cipher suit error I have run into this and solved it. Basically its due to JDK versions 7 and older. Two options to fix. 1. upgrade to jdk8 2. Add the following to your JAVA_OPTS or CATALINA_OPTS: -Dhttps.protocols=TLSv1.2 -Dhttps.cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 John On Sun, Jan 6, 2019 at 6:39 AM Rajendra <rajendrapopur...@gmail.com> wrote: > Sameer, can you please share Connector element for ssl port in server.xml > file? > > Also, what is Jdk version you are using? > > Thanks ! > > Rajendra > > From: Sameer Umbrajkar > Sent: 06 January 2019 08:13 > To: users@tomcat.apache.org > Subject: Tomcat SSL - unsupported protocol or cipher suit error > > Dear All, > > I am trying to configure SSL (HTTPS) for Apache Tomcat 8.5.13. I am facing > below error after importing the certificates. > > ================================================================== > > This page can’t be displayed > > Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try > connecting to *https://localhost:8443 <https://localhost:8443/> *again. If > this error persists, it is possible that this site uses an unsupported > protocol or cipher suite such as RC4 (link for the details) > <http://go.microsoft.com/fwlink/?LinkId=735074>, which is not considered > secure. Please contact your site administrator > > =================================================================== > > > To generate Key store > keytool.exe -genkey -alias tomcat -keysize 2048 -keyalg RSA > > To generate Certificate request i.e. CSR > keytool -certreq -keyalg RSA -alias tomcat -file boqa.csr -keystore > E:\SSL\.keystore > > To import chain (intermediate CA) > keytool -import -trustcacerts -alias intermediate -keystore > E:\SSL\.keystore -file E:\SSL\MOFChain.cer > > To import the signed server certificate > keytool -import -alias tomcat -keystore E:\SSL\.keystore -file > E:\SSL\mbq.cer > > We did not face error while importing the signed certificates however > facing TLS protocol/cipher suit related issue now. > Please help with your insights to resolve the issue > > Regards, > > Sameer > >