Adjusting the ciphers accepted by a Tomcat server running in Beanstalk

0

We've got our Tomcat application running in a load-balanced Beanstalk environment, and we've got HTTPS up and running. But I've found that if I try to connect to web services hosted by that application, from an AS/400 running V6R1, I can only use HTTP -- if I try to use HTTPS, I get

SSL Handshake: (GSKit) No compatible cipher suite

I've just determined that this slightly out-of-date AS/400 can handle
RSA_AES_128_CBC_SHA
RSA_RC4_128_SHA
RSA_RC4_128_MD5
RSA_AES_256_CBC_SHA
RSA_3DES_EDE_CBC_SHA
RSA_DES_CBC_SHA
RSA_EXPORT_RC4_40_MD5
RSA_EXPORT_RC2_CBC_40_MD5
RSA_NULL_SHA
RSA_NULL_MD5

But how do I adjust what our AWS environment will accept?

Edited by: Touchtonecorp on Feb 7, 2019 1:19 PM

asked 5 years ago, 202 views
1 Answer
0

With no answers forthcoming here or on ServerFault, I found time for a bit of digging myself, and found this: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html. It seems that the HTTPS is handled by the load balancer, and they have a security policy specific to the case of needing to support legacy clients. Just go into your HTTPS listener on your load balancer, and switch to the "ELBSecurityPolicy-TLS-1-0-2015-04" security policy, and acknowledge the warning (you can change back to a more restrictive security policy when you aren't having to connect from a legacy client), and click the "Update" button.

answered 5 years ago
