cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

ERR_SSL_OBSOLETE_CIPHER

SOLVED
Highlighted
Amethyst

ERR_SSL_OBSOLETE_CIPHER

Hello, does anyone have any experience with error in ERR_SSL_OBSOLETE_CIPHER chrome? (IE works)

I am running CentOs with OpenJDK1.8 and Tomcat 8.

My server.xml looks like this:

    <Connector port="8080" protocol="HTTP/1.1"

               connectionTimeout="20000"

               redirectPort="8443" />

    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"

           port="8443" maxThreads="200"

           scheme="https" secure="true" SSLEnabled="true"

           keystoreFile="/usr/tomcat/conf/.keystore" keystorePass="twadmin"

           clientAuth="false" sslProtocol="TLS"/>

Thanks and best regards!

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: ERR_SSL_OBSOLETE_CIPHER

This problem was caused by using OpenJDK, which has problems with crypto. Maybe it is only wrong settings, but when I use Oracle JDK it works good.

Also it is probably better to use Apache or Nginx for frontend, security for these is implemented faster then in Tomcat.

View solution in original post

2 REPLIES 2
Highlighted

Re: ERR_SSL_OBSOLETE_CIPHER

I do not really understand it but this works:

    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"

           port="8443" maxThreads="200"

           scheme="https" secure="true" SSLEnabled="true"

           keystoreFile="/usr/tomcat/conf/.keystore" keystorePass="twadmin"

           clientAuth="false" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"

           ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"/>

Highlighted

Re: ERR_SSL_OBSOLETE_CIPHER

This problem was caused by using OpenJDK, which has problems with crypto. Maybe it is only wrong settings, but when I use Oracle JDK it works good.

Also it is probably better to use Apache or Nginx for frontend, security for these is implemented faster then in Tomcat.

View solution in original post

Announcements

Thingworx Navigate content has a new home! Click here to access the new Thingworx Navigate forum!