-----Original Message----- From: James H. H. Lampert <jam...@touchtonecorp.com> Sent: Wednesday, August 5, 2020 1:06 PM To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: Connector works fine with Firefox, but not on speaking terms with Chrome!
On 8/5/20 10:43 AM, calder wrote: > certificateVerificationh="none" > > there's one issue (misspelling), though may not be a contributing > factor. > Corrected; no effect. > Jon McAlexander wrote: > I believe that > > protocols="TLSv1.2"> > > should be > > sslEnabledProtocol="TLSv1.2" > My understanding of the instructions is that "protocols" is correct for an > SSLHostConfig, whereas "sslEnabledProtocols" is correct > for a Connector > without an SSLHostConfig. At any rate, I tried "protocols," > "sslEnabledProtocol," and "sslEnabledProtocols"; no effect. Firefox still > likes it just fine (and so does Safari), but Chrome chokes on > it (and if > there's a diagnostic to tell me the gory details of WHY it's choking on it, I > don't know where to find it). And both Chrome > > and Firefox like the new LE > cert just fine in httpd. > If it will help, the real domain is > https://test.wintouch.net > -- > JHHL Most likely then you need to find a cypher list that is valid for TLSv1.2. Such as below: ACCEPTABLE TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 IDEAL TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_GCM_SHA256 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
