Hi ALL,
Web UI launched successfully.
Using a link in the web UI, we will download and launch a Java Web start
Launcher (JNLP).
JNLP is not opening, it is due to the problem in Tomcat or it is problem in the
JDK.
Following exception thrown
javax.net.ssl.SSLException: Received fatal alert: protocol_version
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown
Source)
at sun.net.www.protocol.http.HttpURLConnection.access$200(Unknown
Source)
at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessController.doPrivilegedWithCombiner(Unknown
Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
Source)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
at com.sun.deploy.net.HttpUtils.followRedirects(Unknown Source)
at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)
at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)
at com.sun.deploy.net.BasicHttpRequest.doGetRequest(Unknown Source)
at com.sun.deploy.net.DownloadEngine.actionDownload(Unknown Source)
at com.sun.deploy.net.DownloadEngine.downloadResource(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unkn
-----Original Message-----
From: Daniel Savard <[email protected]>
Sent: Tuesday, June 29, 2021 11:33 AM
To: Tomcat Users List <[email protected]>
Subject: Re: TLSv1.3 Support in Tomcat
https://wiki.openssl.org/index.php/TLS1.3#Ciphersuites
TLSv1.3 supports 5 cipher suites and none is in your list.
-----------------
Daniel Savard
Le mar. 29 juin 2021 à 01:44, S Abirami <[email protected]> a
écrit :
> Hi Christopher,
>
> Below is my Connector element, sslEnabledProtocols =TLSv1.2 ,TLS 1.3
> it is working fine with TLSv1.2. When sslEnabledProtocols=TLSv1.3,
> Tomcat is started but, the browser unable to perform handshake with webapp.
>
> Is there any dependency with Cipher suites?
>
> <Connector
> protocol="com.ericsson.http.protocol.Http11Nio2ProtocolDecryptProp"
> port="<fourdigit number>" maxThreads="200" scheme="https" secure="true"
> SSLEnabled="true" keystoreFile="/opt/cert/keystore"
> keystorePass="<Keystore_Password>" clientAuth="false"
> maxHttpHeaderSize="8192" server="<SERVER>" xpoweredBy="false"
> ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_S
> HA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
> TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA,
> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
> TLS_RSA_WITH_AES_256_GCM_SHA384,
> TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
> TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
> TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
> TLS_RSA_WITH_AES_128_GCM_SHA256,
> TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
> TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
> TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
> TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"
> sslEnabledProtocols=" TLSv1.3"/>
>
>
>
> Regards,
> Abirami.S
>
> -----Original Message-----
> From: Christopher Schultz <[email protected]>
> Sent: Monday, June 28, 2021 7:27 PM
> To: [email protected]
> Subject: Re: TLSv1.3 Support in Tomcat
>
> Abirami,
>
> On 6/28/21 07:16, S Abirami wrote:
> > TLSv1.3 support is available in Tomcat.
> >
> > I tried just updating server.xml[sslEnabledProtocols=TLSv1.3] and
> > restarted tomcat. It doesn't work.
> >
> > [We are using Tomcat 9.0.46 and JDK 8u291]
> >
> > Please let me know any other configuration also needs to be changed.
>
> Can you please post your <Connector> configuration (minus any secrets)?
>
> When you say "it doesn't work", what exactly do you mean?
>
> -chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
