Hi,

Java ships cipher suites. We have printed all available cipher suites in
our environment.

Tomcat is not able to enable SSL with JRE 1.8.0_333.

The error says that the client and the server couldn’t find a common cipher
suite.

1. Which cipher suite to be updated in tomcat to enable SSL ?
2. Where do we need to update the cipher suite in tomcat ? server.xml ?

Please advise me if there is any other way to fix the SSL issue. Thank you
in advance.

Regards,
Pavan

On Wed, Jun 15, 2022 at 1:34 PM Thomas Hoffmann (Speed4Trade GmbH)
<thomas.hoffm...@speed4trade.com.invalid> wrote:

> Hello,
> Java already ships with a broad variety of cipher suites.
> The crypto providers are listed in the file java.security.
> As long as you don’t modify this file, SSL should work just fine in the
> default java-configuration.
>
> Greetings, Thomas
>
>
> > -----Ursprüngliche Nachricht-----
> > Von: Pavan Kumar Tiruvaipati <ptiruvaip...@gmail.com>
> > Gesendet: Mittwoch, 15. Juni 2022 09:56
> > An: thomas.hoffm...@speed4trade.com.invalid
> > Cc: Tomcat Users List <users@tomcat.apache.org>
> > Betreff: Re: SSL issue with Tomcat 6.0.45 and JRE 1.8.0
> >
> > Hi,
> >
> > Thanks for the quick response. I will print all the available cipher
> suites.
> >
> > Where do I need to update the cipher to support SSL ?
> >
> >
> > Regards,
> > Pavan
> >
> > On Wed, Jun 15, 2022 at 12:39 PM Thomas Hoffmann (Speed4Trade GmbH)
> > <thomas.hoffm...@speed4trade.com.invalid> wrote:
> >
> > > Hello,
> > >
> > > > -----Ursprüngliche Nachricht-----
> > > > Von: Pavan Kumar Tiruvaipati <ptiruvaip...@gmail.com>
> > > > Gesendet: Mittwoch, 15. Juni 2022 08:59
> > > > An: Christopher Schultz <ch...@christopherschultz.net>
> > > > Cc: Tomcat Users List <users@tomcat.apache.org>
> > > > Betreff: Re: SSL issue with Tomcat 6.0.45 and JRE 1.8.0
> > > >
> > > > Hi,
> > > >
> > > > Tomcat server started successfully.
> > > >
> > > > I'm seeing the following error in the tomcat logs when SSL is
> > > > enabled in server.xml
> > > >
> > > > Application is not able to run on https://localhost:8080.
> > > >
> > > > 2022-06-15 12:02:43,923 [http-3003-1] DEBUG
> > > > *org.apache.tomcat.util.net.JIoEndpoint
> > > > - Handshake failed*
> > > >
> > > > *javax.net.ssl.SSLHandshakeException: no cipher suites in common at
> > > > sun.security.ssl.Alert.createSSLException(Unknown Source) *
> > > >
> > > > *at sun.security.ssl.Alert.createSSLException(Unknown Source) at
> > > > sun.security.ssl.TransportContext.fatal(Unknown Source) *
> > > >
> > > > *at sun.security.ssl.TransportContext.fatal(Unknown Source) at
> > > > sun.security.ssl.TransportContext.fatal(Unknown Source) at
> > > > sun.security.ssl.ServerHello$T12ServerHelloProducer.chooseCipherSuit
> > > > e(Un
> > > > known
> > > > Source) at
> > > > sun.security.ssl.ServerHello$T12ServerHelloProducer.produce(Unknown
> > > > Source) at sun.security.ssl.SSLHandshake.produce(Unknown Source) at
> > > > sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(Unknown
> > > > Source) at
> > > > sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(Unkno
> > > > wn
> > > > Source) at
> > > > sun.security.ssl.ClientHello$ClientHelloConsumer.consume(Unknown
> > > > Source) at sun.security.ssl.SSLHandshake.consume(Unknown Source) at
> > > > sun.security.ssl.HandshakeContext.dispatch(Unknown Source) at
> > > > sun.security.ssl.HandshakeContext.dispatch(Unknown Source) at
> > > > sun.security.ssl.TransportContext.dispatch(Unknown Source) at
> > > > sun.security.ssl.SSLTransport.decode(Unknown Source) at
> > > > sun.security.ssl.SSLSocketImpl.decode(Unknown Source) at
> > > > sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
> > > > at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at
> > > > sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at
> > > > org.apache.tomcat.util.net
> > > .jsse.JSSESocketFactory.handshake(JSSESocketFac
> > > > tory.java:233)
> > > > at
> > > > org.apache.tomcat.util.net
> > > .JIoEndpoint.setSocketOptions(JIoEndpoint.java:7
> > > > 01)
> > > > at org.apache.tomcat.util.net
> > > .JIoEndpoint$Worker.run(JIoEndpoint.java:503)
> > > > at java.lang.Thread.run(Unknown Source)*
> > > >
> > > > If I disable SSL in tomcat server.xml, It's working with Non-SSL (
> > > > http://localhost:8080).
> > > >
> > > > Does Tomcat SSL configuration work with JRE 1.8.0 ? Are there any
> > > > changes required to establish a handshake ?
> > > >
> > > > Please let me know if you need more details.
> > > >
> > > >
> > > > Regards,
> > > > Pavan
> > > >
> > > > On Tue, Jun 14, 2022 at 10:44 PM Christopher Schultz <
> > > > ch...@christopherschultz.net> wrote:
> > > >
> > > > > Pavan,
> > > > >
> > > > > Please reply to the list and not me personally.
> > > > >
> > > > > On 6/14/22 11:21, Pavan Kumar Tiruvaipati wrote:
> > > > > > <Connector port="8080"
> > > > > >                 maxThreads="150" minSpareThreads="25"
> > > > > maxSpareThreads="75"
> > > > > >                 enableLookups="false" disableUploadTimeout="true"
> > > > > >                 acceptCount="100"  scheme="https" secure="true"
> > > > > > connectionTimeout="20000"
> > > > > >                 clientAuth="false" algorithm="SunX509"
> > > sslProtocol="TLS"
> > > > > >        keystoreFile="conf/certificate" keystorePass="xxxxx"
> > > > > > useBodyEncodingForURI="true"
> > > > > >        SSLEnabled="true"/>
> > > > >
> > > > > That all looks pretty straightforward.
> > > > >
> > > > > When you say it's "not working", can you be more specific? Does
> > > > > the Tomcat server start? Are there any errors or warnings in the
> logs?
> > > > >
> > > > > -chris
> > > > >
> > > > > > On Tue, Jun 14, 2022 at 7:30 PM Christopher Schultz
> > > > > > <ch...@christopherschultz.net
> > > > > > <mailto:ch...@christopherschultz.net>>
> > > > > wrote:
> > > > > >
> > > > > >     Pavan,
> > > > > >
> > > > > >     On 6/14/22 08:32, Pavan Kumar Tiruvaipati wrote:
> > > > > >      > We have replaced JDK 1.8 with JRE 1.8.0_333.
> > > > > >      >
> > > > > >      > SSL configuration was working fine with Tomcat 6.0.45
> before
> > > > > >     replacing JDK
> > > > > >      > with JRE.
> > > > > >      >
> > > > > >      > Now it's not working.
> > > > > >      >
> > > > > >      > In server.xml, SSL Protocol is set to "TLS".
> > > > > >      >
> > > > > >      > Does Tomcat 6.0.45 support SSL with JRE 1.8.0_333 ?
> > > > > >      >
> > > > > >      > Are there any specific protocols / versions to be used to
> > > enable
> > > > > >     SSL ?
> > > > > >
> > > > > >     Please post your <Connector> configuration. Remove any
> > > > > > secrets that
> > > > > may
> > > > > >     be in there (e.g. passwords).
> > > > > >
> > > > > >     -chris
> > > > > >
> > > > >
> > >
> > > The error says that the client and the server couldn’t find a common
> > > cipher suite.
> > > They couldn’t agree on any cipher.
> > > Does your keystore contain a valid private key?
> > >
> > > Maybe you can try to print out all available cipher suites on your
> > > environment:
> > >
> > > https://stackoverflow.com/questions/9333504/how-can-i-list-the-availab
> > > le-cipher-algorithms You can add the code to a jsp-page and print out
> > > the available algorithms.
> > >
> > > Greetings,
> > > Thomas
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > > For additional commands, e-mail: users-h...@tomcat.apache.org
> > >
>

Reply via email to