I have trouble using a browser to access my SSL/TLS-enabled tomcat-6.0.36-windows-x64 server. It works fine with openssl but not with any browser.
Initializing looks fine:
16.01.2013 16:45:09 org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8443
Also openSSL:
openssl s_client -tls1 -connect localhost:8443:
Result:
New, TLSv1/SSLv3, Cipher is ECDH-ECDSA-AES256-SHA
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : ECDH-ECDSA-AES256-SHA
Only web-browsers don’t work:
Firefox 15.0.1 says: ssl_error_no_cypher_overlap
Chrome 24.0.1312.52 m: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
That’s the tomcat configuration:
<Connector port="8443" maxHttpHeaderSize="8192"
protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150"
scheme="https"
secure="true"
SSLProtocol="all"
enableLookups="false"
disableUploadTimeout="true"
acceptCount="100"
SSLEnabled="true"
SSLCertificateFile="../ecc_servercert.crt"
SSLCertificateKeyFile="../ec_serverkey.pem" />
The certificate is based on an elliptic curve algorithm:
openssl ecparam -out c:\ecc\ec_serverkey.pem -name secp256k1 -genkey
openssl req -new -x509 -nodes -days 365 -key c:\ecc\ec_serverkey.pem -out c:\ecc\ecc_servercert.crt
Hope someone has an idea? According to hours of searching, the browsers should support this configuration ...
Regards, Tobi
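A check that is useful before looking at the connector at all: read the named curve out of the PEM files and compare it with the curves that browsers accept in server certificates. This is an added example, not code from the question or from Tomcat; it is a small pure-Python DER walker (no third-party modules) that collects every OBJECT IDENTIFIER in a PEM block and matches it against a hypothetical table of curve OIDs. The two EC PARAMETERS blocks at the bottom are constructed inputs (the DER encoding of the secp256k1 and prime256v1 OIDs) so the script runs offline; pointing it at the real ec_serverkey.pem or ecc_servercert.crt works the same way, since the curve OID sits in the key's parameters and in the certificate's SubjectPublicKeyInfo.

```python
import base64
import re
import sys

# Hypothetical lookup table for this example: named-curve OIDs and whether
# mainstream browsers (Firefox, Chrome) accept the curve in a server
# certificate. Only the NIST prime curves are accepted; secp256k1 is not.
CURVES = {
    "1.2.840.10045.3.1.7": ("prime256v1 (secp256r1 / NIST P-256)", True),
    "1.3.132.0.34": ("secp384r1 (NIST P-384)", True),
    "1.3.132.0.35": ("secp521r1 (NIST P-521)", True),
    "1.3.132.0.10": ("secp256k1", False),
}


def _read_length(data, i):
    """Decode a DER length at offset i; return (length, offset after it)."""
    first = data[i]
    i += 1
    if first < 0x80:
        return first, i
    n = first & 0x7F
    return int.from_bytes(data[i:i + n], "big"), i + n


def _decode_oid(body):
    """Turn the raw bytes of an OBJECT IDENTIFIER into dotted notation."""
    arcs = [body[0] // 40, body[0] % 40]
    value = 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:          # last byte of this base-128 arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def find_oids(der):
    """Walk a DER blob and return every OID found, recursing into
    constructed types (SEQUENCE, context tags such as [0] in EC keys)."""
    oids, i = [], 0
    while i < len(der):
        tag = der[i]
        i += 1
        length, i = _read_length(der, i)
        body = der[i:i + length]
        i += length
        if tag == 0x06:
            oids.append(_decode_oid(body))
        elif tag & 0x20:          # constructed bit set: look inside
            oids.extend(find_oids(body))
    return oids


def pem_blocks(text):
    """Yield (label, der_bytes) for each -----BEGIN x----- block in text."""
    pattern = r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----"
    for m in re.finditer(pattern, text, re.S):
        yield m.group(1), base64.b64decode("".join(m.group(2).split()))


def check_curves(text):
    """Return [(block_label, curve_name, browser_ok)] for every known
    curve OID found in the PEM text."""
    result = []
    for label, der in pem_blocks(text):
        for oid in find_oids(der):
            if oid in CURVES:
                name, ok = CURVES[oid]
                result.append((label, name, ok))
    return result


# Constructed sample inputs: the EC PARAMETERS block openssl ecparam writes
# for secp256k1 (as in the question) and for prime256v1.
SECP256K1_PARAMS = (
    "-----BEGIN EC PARAMETERS-----\nBgUrgQQACg==\n-----END EC PARAMETERS-----\n"
)
P256_PARAMS = (
    "-----BEGIN EC PARAMETERS-----\nBggqhkjOPQMBBw==\n-----END EC PARAMETERS-----\n"
)

if __name__ == "__main__":
    # Usage: python check_curve.py path\to\ec_serverkey.pem (or a .crt file);
    # with no argument the constructed samples are checked instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="ascii") as fh:
            samples = [fh.read()]
    else:
        samples = [SECP256K1_PARAMS, P256_PARAMS]
    for sample in samples:
        for label, name, ok in check_curves(sample):
            verdict = "accepted by browsers" if ok else "NOT accepted by browsers"
            print(f"{label}: {name} -> {verdict}")
```

If the key reports secp256k1, the ssl_error_no_cypher_overlap / ERR_SSL_VERSION_OR_CIPHER_MISMATCH messages are explained by the curve alone, independent of the APR connector settings: openssl s_client negotiates ECDH-ECDSA-AES256-SHA because OpenSSL knows the curve, while the browsers have no ECDSA cipher suite they can use with it. Generating the key with `-name prime256v1` instead of `-name secp256k1` and re-issuing the certificate is the corresponding fix.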
I think that there are two possibilities:
Either you use the APR connector and Tomcat native libraries as well, so it will throw the error. (More info: http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Edit_the_Tomcat_Configuration_File)
Or you use the same port for both http & https: in your connector you use 8443, which is usually used for http. (Have you tried to use port="443" instead of "8443"?)