-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Manish,
On 9/9/16 3:26 AM, Palod, Manish wrote: > Hi All, > > I am in process of migrating my application from tomcat 7.0.70 to > 8.5.5 and getting some issues > > My connector settings of 7.0.70 is <Connector port="443" > protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" > scheme="https" secure="true" > keystoreFile="conf/my-server.keystore" keystorePass="changeit" > keystoreType="jks" compression="on" > compressableMimeType="text/html,text/xml,text/plain,text/javascript,te xt/css,application/x-javascript,application/javascript" > > address="<address>" > ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128 _CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_R SA_WITH_3DES_EDE_CBC_SHA" > > clientAuth="false" > sslProtocol="TLS" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" > maxPostSize="10485760" /> > > And connector settings of 8.5.5 is > > <Connector port="443" > protocol="org.apache.coyote.http11.Http11NioProtocol" > SSLEnabled="true" maxThreads="150" scheme="https" secure="true" > compression="on" > compressableMimeType="text/html,text/xml,text/plain,text/javascript,te xt/css,application/x-javascript,application/javascript" > > address="<address>" > maxPostSize="10485760" > <SSLHostConfig sslProtocol="TLS" > protocols="TLSv1,TLSv1.1,TLSv1.2" > ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128 _CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA"> > > <Certificate > certificateKeystoreFile="conf/my-server.keystore" > certificateKeystorePassword="changeit" > certificateKeystoreType="jks" certificateKeyAlias="tomcat" > certificateVerification="true" /> </SSLHostConfig> </Connector> > > > Things are working fine with tomcat 7.0.70 but with tomcat 8.5.5, > while accessing application in browser, I am getting message "This > site can't provide a secure connection localhost uses an > unsupported protocol. ERR_SSL_VERSION_OR_CIPHER_MISMATCH" > > What is the mistake I am doing in migration. What happens if you remove the "ciphers" configuration but leave everything else? - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJX0wLoAAoJEBzwKT+lPKRYxAAQAJ+yuy5TOp44a4hY4x0xk5J/ YmTdOK7e/KQG165m55k3cSJVtFxHtgVxMj5OIHcolpm+LGBPGqtYAMb394gBKQNo IdwT3QHGUMC+ap198fiXeGn+5+C/SwZYyYSOofUyuCHSBtElP9kxzIRgTEGm9jWX kTb0NSh0JTgsVeA4JdOQPd0cztY1u3Fe6ThtTmosW71KsBlX9kvFjuhRh3knTIJ4 4wpbuTBoTMJVGBjYuVcf3VeW/eAcXfy9Fy47piB5XvFQyzOIfeAeX0RCWM9CY7l5 43/V0NXWKAHkkkRPU5ULYiH1fDwMy3QXNmzwDZv2bYKjR480h5FJT7PhqHjZ4H7L 6NFTLZULpqe9mb9ItvVw+etcrzgrLuf7idypxZ0+3YZo3nugySPqtob7WVtH3McP zehPpGE/ODmLmX073T3JmpjFNpQxsnsizmL2YLfJJOFdashybXCU1et9FZf4Ny3v kLnmwtDtcJxpNAsDInLRJ62Z/JgjtB1/Ngc4R/4g1i4g2azT+4qALkG3YGhGEDIa usHk4Z3Ax9REkRgvEQxBgD8QTchPSSEgd/dD9H2b8gbrj/TDgfeRGmrh3iZn6Otd p1vlddV3Dr5i3Fo7GOiut6lFumO7fRRkEeTyu7NHOuaHpk9XWK9sYuMjYv3XoNfG oKoWwpqjgpNMOJcvjtuv =MvHH -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
