
ERR_SSL_OBSOLETE_CIPHER


Hello, does anyone have any experience with the ERR_SSL_OBSOLETE_CIPHER error in Chrome? (IE works)

I am running CentOS with OpenJDK 1.8 and Tomcat 8.

My server.xml looks like this:

    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="/usr/tomcat/conf/.keystore" keystorePass="twadmin"
           clientAuth="false" sslProtocol="TLS"/>

Thanks and best regards!

Accepted Solutions

Re: ERR_SSL_OBSOLETE_CIPHER

This problem was caused by using OpenJDK, which has problems with crypto. Maybe it is only wrong settings, but when I use Oracle JDK it works well.

Also, it is probably better to use Apache or Nginx for the frontend; security for these is implemented faster than in Tomcat.

2 REPLIES

Re: ERR_SSL_OBSOLETE_CIPHER

I do not really understand it but this works:

    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="/usr/tomcat/conf/.keystore" keystorePass="twadmin"
           clientAuth="false" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
           ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"/>
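An added example, not code from anyone in this thread: a small Python audit that reads the `sslEnabledProtocols` and `ciphers` attributes of a Tomcat `<Connector>` and flags deprecated protocol versions, RC4, CBC-mode suites and suites without forward secrecy, judged only from the suite names. The function names `audit_suite` and `audit_connector` are hypothetical, and the embedded Connector is the one from the reply above, cut down to the attributes the check reads.

```python
import xml.etree.ElementTree as ET

# Constructed input: the working Connector from the reply above, reduced to
# the two attributes this check reads (the cipher list is copied unchanged).
CONNECTOR = """<Connector port="8443" SSLEnabled="true"
  sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
  ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
    TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,
    TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256,
    TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA"/>"""

# SSLv3 was deprecated by RFC 7568, TLS 1.0 and 1.1 by RFC 8996.
DEPRECATED_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}


def audit_suite(name):
    """Return the weaknesses visible in a JSSE cipher suite name."""
    key_exchange, _, cipher = name.partition("_WITH_")
    issues = []
    if "RC4" in cipher:
        issues.append("RC4 stream cipher (prohibited by RFC 7465)")
    elif "CBC" in cipher:
        issues.append("CBC mode, not an AEAD cipher")
    if "DHE" not in key_exchange:
        issues.append("no ephemeral (EC)DHE key exchange, no forward secrecy")
    return issues


def audit_connector(xml_text):
    """Audit the protocols and cipher suites of one Tomcat <Connector>."""
    attrs = ET.fromstring(xml_text).attrib
    protocols = [p.strip() for p in attrs.get("sslEnabledProtocols", "").split(",") if p.strip()]
    suites = [s.strip() for s in attrs.get("ciphers", "").split(",") if s.strip()]
    return {
        "deprecated_protocols": [p for p in protocols if p in DEPRECATED_PROTOCOLS],
        "suites": {s: audit_suite(s) for s in suites},
    }


if __name__ == "__main__":
    report = audit_connector(CONNECTOR)
    print("deprecated protocols:", ", ".join(report["deprecated_protocols"]) or "none")
    for suite, issues in report["suites"].items():
        print(f"{suite}: {'; '.join(issues) or 'ok'}")
```

Run against the list from the reply, every one of the ten suites is flagged: none is an AEAD (GCM) suite, two use RC4, and five have no forward secrecy.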
