https://bz.apache.org/bugzilla/show_bug.cgi?id=57718
Bug ID: 57718
Summary: None of the ciphers specified are supported by the SSL engine
Product: Tomcat Connectors
Version: unspecified
Hardware: Other
OS: Linux
Status: NEW
Severity: critical
Priority: P2
Component: Common
Assignee: dev@tomcat.apache.org
Reporter: sheka...@gmail.com

Hi,

We are using Tomcat as a webserver. We set the Tomcat connector like this:

    connector = new Connector("HTTP/1.1");
    connector.setPort(httpsPort);
    connector.setSecure(true);
    connector.setProperty("clientAuth", "false");
    connector.setAllowTrace(false);
    connector.setProperty("server", "Server Hardware Management Console");
    connector.setEnableLookups(true); // -27
    connector.setProperty("SSLEnabled", "true");
    connector.setProperty("backlog", "10");
    connector.setProperty("maxThreads", "75");
    connector.setProperty("minSpareThreads", "5");
    connector.setProperty("maxSpareThreads", "20");
    connector.setProperty("soTimeout", "20000");
    connector.setScheme("https");
    connector.setProperty("algorithm", KeyManagerFactory.getDefaultAlgorithm());
    connector.setProperty("keystoreFile", CertUtils.getConfiguredKeyStoreFileName());
    connector.setProperty("keystorePass", "password");
    connector.setProperty("keystoreType", "JKS");
    if ("nist_sp800_131a".equals(sm.getSecurityMode())) {
        connector.setProperty("sslProtocol", "TLSv1.2");
    } else {
        connector.setProperty("sslProtocol", "TLS");
        connector.setProperty("sslEnabledProtocols", "TLSv1,TLSv1.1,TLSv1.2");
    }
    connector.setProperty("ciphers", sm.getCiphers()); // <-- Here we set the Cipher.
    tomcat.getService().addConnector(connector);
    commonSystem.setListeningOnHttps(true);

This is the cipher list we have, and we set the ciphers below in Tomcat (check the above code):

    availablTLSv11CipherList.add("TLS_RSA_WITH_AES_128_CBC_SHA");
    availablTLSv11CipherList.add("TLS_RSA_WITH_3DES_EDE_CBC_SHA");
    availablTLSv11CipherList.add("TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA");
    availablTLSv11CipherList.add("TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA");
    availablTLSv11CipherList.add("TLS_DHE_RSA_WITH_AES_128_CBC_SHA");
    availablTLSv12CipherList.add("TLS_RSA_WITH_AES_128_CBC_SHA256");
    availablTLSv12CipherList.add("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256");
    availablTLSv12CipherList.add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256");
    availablTLSv12CipherList.add("TLS_RSA_WITH_AES_128_GCM_SHA256");
    availablTLSv12CipherList.add("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256");

I am using the cipher list starting with TLS, for example "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256". Earlier everything was working fine, but after the Tomcat update to 7.0.59 from 7.0.29, I see that if I set the above cipher list I get the error below:

    WARNING: None of the ciphers specified are supported by the SSL engine : TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_

If I set the cipher name to SSL it works. I mean to say, instead of "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256".

I want to know why this behaviour changed. We are using IBM Java 6.
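
A diagnostic for the name mismatch described in this report, as an added example that is not part of the original post or of Tomcat: it asks the running JRE's default JSSE provider which configured suite names it recognises as written, and which only under the SSL_ spelling the reporter found to work. The class and method names are hypothetical; the four suite names are taken from the report.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;

// Added example (hypothetical class, not from the bug report or Tomcat).
// Written without Java 7+ syntax so it also compiles on a Java 6 JRE.
public class CipherNameCheck {
    // Returns the spelling of 'name' that the JRE recognises: the name as
    // written, else the same suite with "TLS_" swapped for "SSL_", else null.
    static String resolve(String name, Set<String> supported) {
        if (supported.contains(name)) {
            return name;
        }
        String alt = name.startsWith("TLS_") ? "SSL_" + name.substring(4) : name;
        return supported.contains(alt) ? alt : null;
    }

    public static void main(String[] args) throws Exception {
        // Suite names the default JSSE provider of this JRE can enable.
        Set<String> supported = new HashSet<String>(Arrays.asList(
                SSLContext.getDefault().createSSLEngine().getSupportedCipherSuites()));
        // Sample input: four of the names from the report's cipher lists.
        String[] configured = {
            "TLS_RSA_WITH_AES_128_CBC_SHA",
            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
            "TLS_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
        };
        System.out.println("JRE: " + System.getProperty("java.vendor") + " " + System.getProperty("java.version"));
        List<String> resolved = new ArrayList<String>();
        for (String name : configured) {
            String match = resolve(name, supported);
            System.out.println(name + " -> " + (match == null ? "not supported" : match));
            if (match != null) {
                resolved.add(match);
            }
        }
        // An empty list is the condition the Tomcat warning reports.
        System.out.println("Recognised names: " + resolved);
    }
}
```

Run it with the same JRE that runs Tomcat, since the set of recognised names depends on the JSSE provider in use.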