[openssl-users] Problem in connecting to Java (Tomcat) server with ECDHE ciphers
Jeffrey Walton
noloader at gmail.com
Sun Jun 4 06:29:52 UTC 2017
On Sun, Jun 4, 2017 at 1:01 AM, Pravesh Rai <pravesh.rai at gmail.com> wrote:
> Hi,
>
> Even though I've disabled SSLvX protocols on both - client (openssl-1.0.2k)
> & server (Java 1.8 with Tomcat), still getting following handshake error,
> while executing:
>
> "openssl s_client -connect a.b.c.d:<port> -msg -debug -cipher
> ECDHE-ECDSA-AES256-GCM-SHA384"
>
GCM mode is a TLS 1.2 cipher. It looks like Java 8 enables it by
default; cf. https://blogs.oracle.com/java-platform-group/jdk-8-will-use-tls-12-as-default.
Maybe something like:
openssl s_client -connect www.example.com:443 -tls1_2 -servername
www.example.com
The command uses SNI and TLS 1.2, which is pretty much standard
practice nowadays.
If that does not do it, then maybe you can use SSLscan to identify the
protocols and cipher suites the server supports.
https://github.com/rbsec/sslscan
Jeff
More information about the openssl-users
mailing list