I believe that 

protocols="TLSv1.2">

should be

sslEnabledProtocol="TLSv1.2"


Dream * Excel * Explore * Inspire
Jon McAlexander
Asst Vice President

Middleware Product Engineering
Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com



-----Original Message-----
From: calder <calder....@gmail.com> 
Sent: Wednesday, August 5, 2020 12:43 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Connector works fine with Firefox, but not on speaking terms with Chrome!

On Wed, Aug 5, 2020, 12:22 James H. H. Lampert <jam...@touchtonecorp.com> wrote:

> I've now managed to get an experimental copy of our development AWS 
> EC2 instance working with a cert from Let's Encrypt, and I've got 
> Tomcat to launch with a modified connector that uses the LE certs 
> rather than a Java Keystore file.
>
> It looks great from Firefox (except for the still-unanswered riddle of 
> the unwanted Tomcat update), but from Chrome, I get (domain name 
> "changed to protect the innocent"):
>
> > This site can’t provide a secure connection
> >
> > test.foo.net uses an unsupported protocol.
> >
> > ERR_SSL_VERSION_OR_CIPHER_MISMATCH
> >
> > Unsupported protocol
> >
> > The client and server don't support a common SSL protocol version or
> cipher suite.
>
> The modified connector looks like this:
>
> <Connector port="8443" proxyPort="443"
>            protocol="org.apache.coyote.http11.Http11NioProtocol"
>            compression="on" compressionMinSize="2048"
>            noCompressionUserAgents="gozilla, traviata"
>            compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,text/json,application/x-javascript,application/javascript,application/json"
>            maxThreads="1000" socket.appReadBufSize="1024"
>            socket.appWriteBufSize="1024" bufferSize="1024" SSLEnabled="true"
>            scheme="https" secure="true">
>                 <SSLHostConfig
>                   ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA"
>                   certificateVerificationh="none"

there's one issue (a misspelling), though it may not be a contributing factor.

>                   sslProtocol="TLS"
>                   protocols="TLSv1.2">
>                   <Certificate certificateFile="/etc/tomcat8/test.foo.net.crt"
>                                certificateKeyFile="/etc/tomcat8/test.foo.net.key"
>                                certificateChainFile="/etc/tomcat8/test.foo.net.issuer.crt"/>
>                </SSLHostConfig>
>              </Connector>
>
>
> Can anybody shed any light on what I did wrong?
>
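Two offline checks on the connector quoted above, written here as an added example (none of it is from the thread or from Tomcat's own code): whether every SSLHostConfig attribute name is one Tomcat recognises, and how the `ciphers` list stacks up for forward secrecy, AEAD, and overlap with a client's offer. KNOWN_ATTRS is only a subset of the documented attributes and CLIENT_OFFER is a constructed illustration, not any real browser's list.

```python
import re
import xml.etree.ElementTree as ET

# Cipher list copied from the connector quoted in the thread.
SERVER_CIPHERS = (
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,"
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,"
    "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,"
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,"
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,"
    "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,"
    "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,"
    "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,"
    "TLS_RSA_WITH_AES_256_CBC_SHA"
)
# The SSLHostConfig element as quoted (the misspelled attribute is kept on purpose).
SSLHOSTCONFIG_XML = (f'<SSLHostConfig ciphers="{SERVER_CIPHERS}" '
                     'certificateVerificationh="none" sslProtocol="TLS" protocols="TLSv1.2"/>')
# Subset of the documented Tomcat 8.5+ SSLHostConfig attributes; extend for your config.
KNOWN_ATTRS = {"ciphers", "certificateVerification", "sslProtocol", "protocols",
               "hostName", "honorCipherOrder"}
# Constructed client offer for illustration only (not any real browser's list):
# an ECDHE-only, AEAD-only client, which shares nothing with the CBC-only server list.
CLIENT_OFFER = {"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"}

def unknown_attributes(xml_text):
    """Attribute names Tomcat would not recognise; a typo here silently changes nothing."""
    return sorted(set(ET.fromstring(xml_text).attrib) - KNOWN_ATTRS)

def parse_ciphers(attr):
    """Split a ciphers attribute (comma-separated JSSE names or ':'-separated OpenSSL form)."""
    return [c.strip() for c in re.split(r"[,:]", attr) if c.strip()]

def audit_ciphers(attr, client_offer):
    """Report forward-secrecy and AEAD gaps plus the overlap with a client's offer."""
    server = parse_ciphers(attr)
    return {
        "count": len(server),
        "no_forward_secrecy": [c for c in server if not c.startswith(("TLS_ECDHE_", "TLS_DHE_"))],
        "non_aead": [c for c in server if not any(t in c for t in ("_GCM_", "_CHACHA20_", "_CCM"))],
        "common_with_client": [c for c in server if c in client_offer],
    }

if __name__ == "__main__":
    print("unknown attributes:", unknown_attributes(SSLHOSTCONFIG_XML))
    r = audit_ciphers(SERVER_CIPHERS, CLIENT_OFFER)
    print(f"{r['count']} suites, {len(r['no_forward_secrecy'])} without forward secrecy, "
          f"{len(r['non_aead'])} non-AEAD; common with client: {r['common_with_client'] or 'NONE'}")
```

An empty overlap is exactly the condition a browser reports as a version or cipher mismatch, so running this against the real `ciphers` value and a capture of the failing client's offer narrows the fault before any server-side change.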
