Adjusting the ciphers accepted by a Tomcat server running in Beanstalk

0

We've got our Tomcat application running in a load-balanced Beanstalk environment, and we've got HTTPS up and running. But I've found that if I try to connect to web services hosted by that application, from an AS/400 running V6R1, I can only use HTTP -- if I try to use HTTPS, I get

SSL Handshake: (GSKit) No compatible cipher suite

I've just determined that this slightly out-of-date AS/400 can handle
RSA_AES_128_CBC_SHA
RSA_RC4_128_SHA
RSA_RC4_128_MD5
RSA_AES_256_CBC_SHA
RSA_3DES_EDE_CBC_SHA
RSA_DES_CBC_SHA
RSA_EXPORT_RC4_40_MD5
RSA_EXPORT_RC2_CBC_40_MD5
RSA_NULL_SHA
RSA_NULL_MD5

But how do I adjust what our AWS environment will accept?

Edited by: Touchtonecorp on Feb 7, 2019 1:19 PM

asked 5 years ago, 207 views
1 Answer
0

With no answers forthcoming here or on ServerFault, I found time for a bit of digging myself, and found this: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html. It seems that the HTTPS is handled by the load balancer, and they have a security policy specific to the case of needing to support legacy clients. Just go into your HTTPS listener on your load balancer, and switch to the "ELBSecurityPolicy-TLS-1-0-2015-04" security policy, and acknowledge the warning (you can change back to a more restrictive security policy when you aren't having to connect from a legacy client), and click the "Update" button.

answered 5 years ago
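A check to run before and after switching the listener's security policy, added here as an example and not part of the original question or answer: it lists which of the client's cipher suites a given policy would actually negotiate, and marks the weak ones. The GSKit-to-OpenSSL name mapping is the editor's, and the policy JSON is a constructed, trimmed sample in the shape of `aws elbv2 describe-ssl-policies` output (the policy name `sample-legacy-policy` is hypothetical).

```python
import json

# IBM GSKit names from the question -> OpenSSL-style names used in ELB policies.
GSKIT_TO_OPENSSL = {
    "RSA_AES_128_CBC_SHA": "AES128-SHA",
    "RSA_RC4_128_SHA": "RC4-SHA",
    "RSA_RC4_128_MD5": "RC4-MD5",
    "RSA_AES_256_CBC_SHA": "AES256-SHA",
    "RSA_3DES_EDE_CBC_SHA": "DES-CBC3-SHA",
    "RSA_DES_CBC_SHA": "DES-CBC-SHA",
    "RSA_EXPORT_RC4_40_MD5": "EXP-RC4-MD5",
    "RSA_EXPORT_RC2_CBC_40_MD5": "EXP-RC2-CBC-MD5",
    "RSA_NULL_SHA": "NULL-SHA",
    "RSA_NULL_MD5": "NULL-MD5",
}

# Constructed sample, trimmed, in the shape of
# `aws elbv2 describe-ssl-policies --names <policy>` output.
SAMPLE_POLICY_JSON = """
{"SslPolicies": [{"Name": "sample-legacy-policy",
  "SslProtocols": ["TLSv1", "TLSv1.1", "TLSv1.2"],
  "Ciphers": [
    {"Name": "ECDHE-RSA-AES128-GCM-SHA256", "Priority": 1},
    {"Name": "AES128-SHA", "Priority": 2},
    {"Name": "AES256-SHA", "Priority": 3},
    {"Name": "DES-CBC3-SHA", "Priority": 4}]}]}
"""

WEAK_MARKERS = ("NULL", "EXP", "RC4", "DES")  # "DES" also matches the 3DES name

def negotiable(client_gskit_names, policy_json):
    """Return {policy name: [(gskit, openssl, is_weak), ...]} in policy priority order."""
    offered = {GSKIT_TO_OPENSSL[n]: n for n in client_gskit_names}
    result = {}
    for policy in json.loads(policy_json)["SslPolicies"]:
        ciphers = sorted(policy["Ciphers"], key=lambda c: c["Priority"])
        result[policy["Name"]] = [
            (offered[c["Name"]], c["Name"], any(m in c["Name"] for m in WEAK_MARKERS))
            for c in ciphers if c["Name"] in offered
        ]
    return result

if __name__ == "__main__":
    for name, shared in negotiable(GSKIT_TO_OPENSSL, SAMPLE_POLICY_JSON).items():
        print(name, "shares", len(shared), "suite(s) with the client")
        for gskit, openssl, weak in shared:
            print(f"  {gskit:26} {openssl:14} {'WEAK' if weak else 'ok'}")
```

Replace `SAMPLE_POLICY_JSON` with the real CLI output for the policy on your listener; an empty list for a policy corresponds to the "No compatible cipher suite" handshake failure.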
