Hello,
We have a requirement to enable TLS traffic to only use TLS 1.3. We are
currently on Tomcat version 7.0.53, which I learned does not support TLSv1.3 (I
need to be atleast on Tomcat version 7.0.92 to have TLS 1.3 support from Tomcat
(assuming the underlying Java supports it as well)).
So I upgraded to the latest version of Tomcat 7 - Tomcat 7.0.108.
Now when I enable TLSv1.3 by setting sslEnabledProtocols="TLSv1.3" in
server.xml of Tomcat, I get the below error:
SEVERE: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol
is disabled or cipher suites are inappropriate) at
com.ibm.jsse2.Z.<init>(Z.java:287) at
com.ibm.jsse2.ac.<init>(ac.java:9) at com.ibm.jsse2.ba.a(ba.java:52)
at com.ibm.jsse2.bf.beginHandshake(bf.java:84) at
org.apache.tomcat.util.net.SecureNioChannel.reset(SecureNioChannel.java:91)
at
org.apache.tomcat.util.net.SecureNioChannel.<init>(SecureNioChannel.java:73)
at
org.apache.tomcat.util.net.NioEndpoint.setSocketOptions(NioEndpoint.java:677)
at
org.apache.tomcat.util.net.NioEndpoint$Acceptor.run(NioEndpoint.java:844)
at java.lang.Thread.run(Thread.java:822)
If I set sslEnabledProtocols="TLSv1.2,TLSv1.3" in server.xml of Tomcat, I do
not see the error but the client browser (Chrome) connects on TLSv1.2 and not
on TLSv1.3.
I then tried the same operations as above on Tomcat 8.5.35 and Tomcat 9.0.13
and I do not see this error. But we have a requirement to stay on Tomcat 7
because of vendor support licensing. Please help.
