Recent versions of Chrome and Firefox have disabled SSLv3.0 by default due to the POODLE vulnerability. This leads to the following error when trying to open the site that I created (and which works fine):
With Chrome:
A secure connection cannot be established because this site uses an unsupported protocol. Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
With Firefox:
Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)
I researched this issue with Chrome, Firefox, Tomcat and more Tomcat docs. I understand the problem, but I cannot find the documentation to configure Tomcat 7 to use only the ciphers and TLS protocols that are now secure. I'm not sure if I need to create a new cert / keypair, modify the server.xml file, install a new version of Tomcat, or something else. I'm not even sure which encryption / protocol versions are now considered "acceptable" by these browsers. Can someone point me to the docs or an installation example for this?
I am using OpenJDK 1.7 on Ubuntu 14.04 with Tomcat 7.
Here is my cert file (edited):
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: something
Creation date: May 4, 2013
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=something, OU=something, O=something, L=something, ST=something, C=something
Issuer: CN=something, OU=something, O=something, L=something, ST=something, C=something
Serial number: ...
Valid from: Sat May 04 17:28:21 MST 2013 until: Tue May 02 17:28:21 MST 2023
Certificate fingerprints:
         MD5: ...
         SHA1: ...
         SHA256: ...
         Signature algorithm name: SHA1withDSA
         Version: 3
Here is my server.xml entry for HTTPS support:
<Connector port="8484" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           keystoreFile="/path/mykeystore" keystorePass="password"
           clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLS" />
java ssl tomcat
user3120173
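As an added illustration (not part of the question, and not an official Tomcat example), here is what a Tomcat 7 JSSE connector (the BIO/NIO HTTP/1.1 connector, not the APR/OpenSSL one, which uses different attribute names) looks like when it is pinned to TLS 1.2 and an explicit cipher list. Two things differ from the posted connector: `sslEnabledProtocols` is given JSSE protocol names (`TLSv1.2`, or `TLSv1,TLSv1.1,TLSv1.2` if older clients still need to connect; `TLS` is not a protocol name in that list), and a `ciphers` attribute restricts the suites Tomcat will negotiate. The port, keystore path, password and alias are placeholders copied from the question. The cipher names are the Java 7 JSSE names; GCM suites are not available in OpenJDK 1.7, and the 256-bit AES suites need the unlimited-strength policy files, so they are left out.

```xml
<!-- Added example for a Tomcat 7 JSSE (BIO/NIO) HTTPS connector.
     Placeholders: port, keystoreFile, keystorePass, keyAlias. -->
<Connector port="8484" protocol="HTTP/1.1"
           SSLEnabled="true" maxThreads="150"
           scheme="https" secure="true"
           clientAuth="false"
           keystoreFile="/path/mykeystore"
           keystorePass="password"
           keyAlias="something"
           sslProtocol="TLS"
           sslEnabledProtocols="TLSv1.2"
           ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA" />
```

One caveat that follows from the keystore listing in the question: the entry is a DSA key (`Signature algorithm name: SHA1withDSA`), and a DSA key can only be used with `*_DSS_*` cipher suites, which current Chrome and Firefox no longer offer. With the RSA-only list above such a keystore would not complete any handshake at all, so the connector assumes the alias holds an RSA key; one can be generated with `keytool -genkeypair -alias something -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -validity 365 -keystore /path/mykeystore` (self-signed, so the browser will still warn about trust until a CA-issued certificate is imported under the same alias). After restarting Tomcat, `openssl s_client -connect host:8484 -tls1_2` shows which protocol and cipher were actually negotiated.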