Hello, Java already ships with a broad variety of cipher suites. The crypto providers are listed in the file java.security. As long as you don’t modify this file, SSL should work just fine in the default java-configuration.
Greetings, Thomas > -----Ursprüngliche Nachricht----- > Von: Pavan Kumar Tiruvaipati <ptiruvaip...@gmail.com> > Gesendet: Mittwoch, 15. Juni 2022 09:56 > An: thomas.hoffm...@speed4trade.com.invalid > Cc: Tomcat Users List <users@tomcat.apache.org> > Betreff: Re: SSL issue with Tomcat 6.0.45 and JRE 1.8.0 > > Hi, > > Thanks for the quick response. I will print all the available cipher suites. > > Where do I need to update the cipher to support SSL ? > > > Regards, > Pavan > > On Wed, Jun 15, 2022 at 12:39 PM Thomas Hoffmann (Speed4Trade GmbH) > <thomas.hoffm...@speed4trade.com.invalid> wrote: > > > Hello, > > > > > -----Ursprüngliche Nachricht----- > > > Von: Pavan Kumar Tiruvaipati <ptiruvaip...@gmail.com> > > > Gesendet: Mittwoch, 15. Juni 2022 08:59 > > > An: Christopher Schultz <ch...@christopherschultz.net> > > > Cc: Tomcat Users List <users@tomcat.apache.org> > > > Betreff: Re: SSL issue with Tomcat 6.0.45 and JRE 1.8.0 > > > > > > Hi, > > > > > > Tomcat server started successfully. > > > > > > I'm seeing the following error in the tomcat logs when SSL is > > > enabled in server.xml > > > > > > Application is not able to run on https://localhost:8080. > > > > > > 2022-06-15 12:02:43,923 [http-3003-1] DEBUG > > > *org.apache.tomcat.util.net.JIoEndpoint > > > - Handshake failed* > > > > > > *javax.net.ssl.SSLHandshakeException: no cipher suites in common at > > > sun.security.ssl.Alert.createSSLException(Unknown Source) * > > > > > > *at sun.security.ssl.Alert.createSSLException(Unknown Source) at > > > sun.security.ssl.TransportContext.fatal(Unknown Source) * > > > > > > *at sun.security.ssl.TransportContext.fatal(Unknown Source) at > > > sun.security.ssl.TransportContext.fatal(Unknown Source) at > > > sun.security.ssl.ServerHello$T12ServerHelloProducer.chooseCipherSuit > > > e(Un > > > known > > > Source) at > > > sun.security.ssl.ServerHello$T12ServerHelloProducer.produce(Unknown > > > Source) at sun.security.ssl.SSLHandshake.produce(Unknown Source) at > > > sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(Unknown > > > Source) at > > > sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(Unkno > > > wn > > > Source) at > > > sun.security.ssl.ClientHello$ClientHelloConsumer.consume(Unknown > > > Source) at sun.security.ssl.SSLHandshake.consume(Unknown Source) at > > > sun.security.ssl.HandshakeContext.dispatch(Unknown Source) at > > > sun.security.ssl.HandshakeContext.dispatch(Unknown Source) at > > > sun.security.ssl.TransportContext.dispatch(Unknown Source) at > > > sun.security.ssl.SSLTransport.decode(Unknown Source) at > > > sun.security.ssl.SSLSocketImpl.decode(Unknown Source) at > > > sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source) > > > at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at > > > sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at > > > org.apache.tomcat.util.net > > .jsse.JSSESocketFactory.handshake(JSSESocketFac > > > tory.java:233) > > > at > > > org.apache.tomcat.util.net > > .JIoEndpoint.setSocketOptions(JIoEndpoint.java:7 > > > 01) > > > at org.apache.tomcat.util.net > > .JIoEndpoint$Worker.run(JIoEndpoint.java:503) > > > at java.lang.Thread.run(Unknown Source)* > > > > > > If I disable SSL in tomcat server.xml, It's working with Non-SSL ( > > > http://localhost:8080). > > > > > > Does Tomcat SSL configuration work with JRE 1.8.0 ? Are there any > > > changes required to establish a handshake ? > > > > > > Please let me know if you need more details. > > > > > > > > > Regards, > > > Pavan > > > > > > On Tue, Jun 14, 2022 at 10:44 PM Christopher Schultz < > > > ch...@christopherschultz.net> wrote: > > > > > > > Pavan, > > > > > > > > Please reply to the list and not me personally. > > > > > > > > On 6/14/22 11:21, Pavan Kumar Tiruvaipati wrote: > > > > > <Connector port="8080" > > > > > maxThreads="150" minSpareThreads="25" > > > > maxSpareThreads="75" > > > > > enableLookups="false" disableUploadTimeout="true" > > > > > acceptCount="100" scheme="https" secure="true" > > > > > connectionTimeout="20000" > > > > > clientAuth="false" algorithm="SunX509" > > sslProtocol="TLS" > > > > > keystoreFile="conf/certificate" keystorePass="xxxxx" > > > > > useBodyEncodingForURI="true" > > > > > SSLEnabled="true"/> > > > > > > > > That all looks pretty straightforward. > > > > > > > > When you say it's "not working", can you be more specific? Does > > > > the Tomcat server start? Are there any errors or warnings in the logs? > > > > > > > > -chris > > > > > > > > > On Tue, Jun 14, 2022 at 7:30 PM Christopher Schultz > > > > > <ch...@christopherschultz.net > > > > > <mailto:ch...@christopherschultz.net>> > > > > wrote: > > > > > > > > > > Pavan, > > > > > > > > > > On 6/14/22 08:32, Pavan Kumar Tiruvaipati wrote: > > > > > > We have replaced JDK 1.8 with JRE 1.8.0_333. > > > > > > > > > > > > SSL configuration was working fine with Tomcat 6.0.45 before > > > > > replacing JDK > > > > > > with JRE. > > > > > > > > > > > > Now it's not working. > > > > > > > > > > > > In server.xml, SSL Protocol is set to "TLS". > > > > > > > > > > > > Does Tomcat 6.0.45 support SSL with JRE 1.8.0_333 ? > > > > > > > > > > > > Are there any specific protocols / versions to be used to > > enable > > > > > SSL ? > > > > > > > > > > Please post your <Connector> configuration. Remove any > > > > > secrets that > > > > may > > > > > be in there (e.g. passwords). > > > > > > > > > > -chris > > > > > > > > > > > > > The error says that the client and the server couldn’t find a common > > cipher suite. > > They couldn’t agree on any cipher. > > Does your keystore contain a valid private key? > > > > Maybe you can try to print out all available cipher suites on your > > environment: > > > > https://stackoverflow.com/questions/9333504/how-can-i-list-the-availab > > le-cipher-algorithms You can add the code to a jsp-page and print out > > the available algorithms. > > > > Greetings, > > Thomas > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > >
