
Re: [Ftpapi] Problem: (GSKit) No compatible cipher suite available between SSL end points.



On 10/4/17, 12:26 PM, Christopher Schultz wrote:
James,
. . .
Okay so you are in no way interfering with the defaults. That means
you'll get (depending upon your exact versions of various things) a
Tomcat which supports TLSv1 or later, and most of the cipher suites
that are shown as "default" above.

Your choice of TLS certificate may affect some of the things that you
can do, but I see that you've got an RSA certificate from the output
from SSLLabs, so you shouldn't have any problems with a DSS
certificate or anything like that. (Use of DSS certs these days is
fairly rare).
. . .
Strange. I would have expected Tomcat to enable more cipher suites
with a default configuration given the SSLInfo output above.

Are you sure you are using the same Java version with Tomcat as you
did to run those commands above?

Dear Mr. Schultz:
It sure looks like the same Java version. Here is what the manager returns:
Apache Tomcat/8.5.14 (Debian) 1.7.0_151-b01 Oracle Corporation Linux 	3.16.0-4-amd64 	amd64

It would definitely be helpful if the OS/400 names of the cipher suites more precisely matched the Java names. To recap, the QSSLCSL system value on the AS/400 shows (using the OS/400 naming conventions):
*RSA_AES_128_CBC_SHA
*RSA_RC4_128_SHA
*RSA_RC4_128_MD5
*RSA_AES_256_CBC_SHA
*RSA_3DES_EDE_CBC_SHA
*RSA_DES_CBC_SHA
*RSA_EXPORT_RC4_40_MD5
*RSA_EXPORT_RC2_CBC_40_MD5
*RSA_NULL_SHA
*RSA_NULL_MD5

--
JHHL
--
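An added example, not part of either message: one way to put the QSSLCSL names above and Java's cipher suite names into a common form and list the overlap. The renaming rule is an assumption inferred from the name patterns (the results are IANA suite names), `SAMPLE_JAVA_ENABLED` is a constructed list rather than output from this Tomcat, and all function names are hypothetical.

```python
import re

# Cipher specs from the QSSLCSL system value quoted in the message above.
QSSLCSL = [
    "*RSA_AES_128_CBC_SHA", "*RSA_RC4_128_SHA", "*RSA_RC4_128_MD5",
    "*RSA_AES_256_CBC_SHA", "*RSA_3DES_EDE_CBC_SHA", "*RSA_DES_CBC_SHA",
    "*RSA_EXPORT_RC4_40_MD5", "*RSA_EXPORT_RC2_CBC_40_MD5",
    "*RSA_NULL_SHA", "*RSA_NULL_MD5",
]

# Constructed sample of a Java server's enabled suites (NOT from the thread).
SAMPLE_JAVA_ENABLED = [
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
]

# NULL, export-grade, RC4, RC2, single DES and MD5-based suites.
# "_DES_" does not match 3DES, which this pattern leaves unflagged.
WEAK = re.compile(r"NULL|EXPORT|RC4|RC2|_DES_|MD5")

def os400_to_iana(name):
    """Assumed rule: *RSA_[EXPORT_]<rest> -> TLS_RSA_[EXPORT_]WITH_<rest>."""
    m = re.fullmatch(r"\*(RSA)_(EXPORT_)?(.+)", name)
    if not m:
        raise ValueError(f"unrecognised OS/400 cipher spec: {name!r}")
    kx, export, rest = m.groups()
    return f"TLS_{kx}_{export or ''}WITH_{rest}"

def canonical(java_name):
    """Java keeps an SSL_ prefix on suites that predate TLS; fold it to TLS_."""
    return re.sub(r"^SSL_", "TLS_", java_name)

def common_suites(os400_names, java_names):
    """Return (OS/400 name, IANA name) pairs both sides could negotiate."""
    offered = {canonical(j) for j in java_names}
    pairs = [(n, os400_to_iana(n)) for n in os400_names]
    return [(n, iana) for n, iana in pairs if iana in offered]

def weak_specs(os400_names):
    """OS/400 specs whose suite matches the WEAK pattern."""
    return [n for n in os400_names if WEAK.search(os400_to_iana(n))]

if __name__ == "__main__":
    for spec, iana in common_suites(QSSLCSL, SAMPLE_JAVA_ENABLED):
        print(f"{spec:28} {iana}")
    print("weak:", ", ".join(weak_specs(QSSLCSL)))
```

An empty result from `common_suites` against the server's real enabled list corresponds to the "No compatible cipher suite available" condition in the subject line.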