apache-tomcat-7.0.42 as standalone web server
jdk1.7.0_45
Ubuntu 12.10

Greetings

I'm sure this is an old chestnut but it's got me stumped.

I just purchased and installed my first ever SSL certificate. I had it installed and apparently running in no time. I should of course have been suspicious that it all went so smoothly, but I thought it was about time I got a break ... no such luck.

Clicking the padlock in Chrome I get:

Your connection to 192.168.1.68 is encrypted using an obsolete cipher suite.
The connection uses TLS 1.2.
The connection is encrypted using AES_128_CBC with HMAC-SHA1 for message authentication and ECDHE_RSA as the key exchange mechanism.

I followed the instructions here

https://www.sslshopper.com/article-how-to-disable-weak-ciphers-and-ssl-2-in-tomcat.html

and passed the following when starting Tomcat:

-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 \

No luck so far. Here is server.xml:

    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />

    <Connector port="443" maxThreads="150" scheme="https" secure="true"
               SSLEnabled="true"
               sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
               ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,
                        TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,
                        TLS_RSA_WITH_AES_256_CBC_SHA256,
                        TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
               keystoreFile="/opt/keys/tomcat.keystore"
               keystorePass="**********"
               clientAuth="false" keyAlias="tomcat" />

Any pointers to useful resources much appreciated.

TIA

Lyallex
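
Added example, not part of the original post: a Python check that parses a connector's ciphers attribute and flags each suite. It assumes the browser's "obsolete" label is driven by RC4 or CBC (non-AEAD) encryption, HMAC-SHA1, or a key exchange without forward secrecy; classify, audit and the trimmed SERVER_XML sample are names constructed for this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the HTTPS connector from the post, trimmed to the TLS
# attributes (keystore settings omitted).
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="443" scheme="https" secure="true" SSLEnabled="true"
    sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
    ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,
      TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,
      TLS_RSA_WITH_AES_256_CBC_SHA256,
      TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA" />
</Service></Server>"""

# JSSE suite names: <TLS|SSL>_<key exchange>_WITH_<cipher>_<MAC or PRF hash>
SUITE_RE = re.compile(r"^(?:TLS|SSL)_(.+)_WITH_(.+)_([A-Z0-9]+)$")

def classify(suite):
    """Return the weaknesses of one JSSE cipher suite name (empty list = none)."""
    m = SUITE_RE.match(suite)
    if not m:
        return ["unrecognised name"]
    kx, enc, mac = m.groups()
    aead = "GCM" in enc or "CHACHA20" in enc
    issues = []
    if not kx.startswith(("ECDHE", "DHE")):   # static RSA/DH/ECDH key exchange
        issues.append("no forward secrecy")
    if "RC4" in enc:
        issues.append("RC4")
    elif "CBC" in enc:
        issues.append("CBC mode (not AEAD)")
    if not aead and mac == "SHA":             # trailing SHA means HMAC-SHA1
        issues.append("HMAC-SHA1")
    return issues

def audit(server_xml):
    """Map each suite on every SSL-enabled Connector to its weaknesses."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled") != "true":
            continue
        for suite in conn.get("ciphers", "").split(","):
            if suite.strip():
                report[suite.strip()] = classify(suite.strip())
    return report

if __name__ == "__main__":
    for suite, issues in audit(SERVER_XML).items():
        print(f"{suite:42} {', '.join(issues) or 'ok'}")
```

Every suite in the posted list is flagged, including the negotiated ECDHE_RSA / AES_128_CBC / HMAC-SHA1 combination, so reordering this list alone cannot clear the warning.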