[openssl-users] Problem in connecting to Java (Tomcat) server with ECDHE ciphers

Jeffrey Walton noloader at gmail.com
Sun Jun 4 06:29:52 UTC 2017

On Sun, Jun 4, 2017 at 1:01 AM, Pravesh Rai <pravesh.rai at gmail.com> wrote:
> Hi,
> Even though I've disabled SSLvX protocols on both - client (openssl-1.0.2k)
> & server (Java 1.8 with Tomcat), still getting following handshake error,
> while executing:
> "openssl s_client -connect a.b.c.d:<port> -msg -debug -cipher

GCM mode is a TLS 1.2 cipher. It looks like Java 8 enables it by
default; cf. https://blogs.oracle.com/java-platform-group/jdk-8-will-use-tls-12-as-default.

Maybe something like:

    openssl s_client -connect www.example.com:443 -tls1_2 -servername

The command uses SNI and TLS 1.2, which is pretty much standard
practice nowadays.

If that does not do it, then maybe you can use SSLscan to identify the
protocols and cipher suites the server supports.


More information about the openssl-users mailing list