We've got our Tomcat application running in a load-balanced Beanstalk environment, and we've got HTTPS up and running. But I've found that if I try to connect to web services hosted by that application, from an AS/400 running V6R1, I can only use HTTP -- if I try to use HTTPS, I get

SSL Handshake: (GSKit) No compatible cipher suite

It appears that this slightly out-of-date AS/400 can do these ciphers:

RSA_AES_128_CBC_SHA
RSA_RC4_128_SHA
RSA_RC4_128_MD5
RSA_AES_256_CBC_SHA
RSA_3DES_EDE_CBC_SHA
RSA_DES_CBC_SHA
RSA_EXPORT_RC4_40_MD5
RSA_EXPORT_RC2_CBC_40_MD5
RSA_NULL_SHA
RSA_NULL_MD5

How do I adjust what our AWS environment will accept?

hbquikcomjamesl
  • slightly out of date? v6r1 will be 11 in March of 2019...support ended about 3 1/2 years ago... – Charles Feb 08 '19 at 01:13
  • We have a development box that's on V4R2. And our flagship product will still run (with slight but graceful degradation) on a V4R2 box. – hbquikcomjamesl Feb 08 '19 at 01:37

1 Answer

With no answers forthcoming here or on Amazon's support board, I found time for a bit of digging myself, and found this. It seems that the HTTPS is handled by the load balancer, and they have a security policy specific to the case of needing to support legacy clients. Just go into your HTTPS listener on your load balancer, and switch to the "ELBSecurityPolicy-TLS-1-0-2015-04" security policy, and acknowledge the warning (you can change back to a more restrictive security policy when you aren't having to connect from a legacy client), and click the "Update" button.

hbquikcomjamesl
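An added example, not part of the original post: before switching security policies, you can check which of the legacy client's suites a policy would actually negotiate. It assumes the policy is supplied as JSON in the shape printed by `aws elbv2 describe-ssl-policies`; the policy contents below are constructed sample data, and the GSKit-to-OpenSSL name mapping is an assumption based on the standard suite names.

```python
import json

# Assumed mapping: GSKit names from the question -> OpenSSL-style names AWS reports.
GSKIT_TO_OPENSSL = {
    "RSA_AES_128_CBC_SHA": "AES128-SHA",
    "RSA_RC4_128_SHA": "RC4-SHA",
    "RSA_RC4_128_MD5": "RC4-MD5",
    "RSA_AES_256_CBC_SHA": "AES256-SHA",
    "RSA_3DES_EDE_CBC_SHA": "DES-CBC3-SHA",
    "RSA_DES_CBC_SHA": "DES-CBC-SHA",
    "RSA_EXPORT_RC4_40_MD5": "EXP-RC4-MD5",
    "RSA_EXPORT_RC2_CBC_40_MD5": "EXP-RC2-CBC-MD5",
    "RSA_NULL_SHA": "NULL-SHA",
    "RSA_NULL_MD5": "NULL-MD5",
}

# Constructed sample, NOT the real contents of any AWS policy. Replace it with
# the JSON printed by `aws elbv2 describe-ssl-policies` for your listener.
SAMPLE_POLICY_JSON = """{"SslPolicies": [{
  "Name": "constructed-example-policy",
  "SslProtocols": ["TLSv1", "TLSv1.1", "TLSv1.2"],
  "Ciphers": [{"Name": "ECDHE-RSA-AES128-GCM-SHA256", "Priority": 1},
              {"Name": "AES256-SHA", "Priority": 3},
              {"Name": "AES128-SHA", "Priority": 2},
              {"Name": "DES-CBC3-SHA", "Priority": 4}]}]}"""


def is_weak(openssl_name):
    """RC4, export-grade, NULL, MD5 and single-DES suites should stay disabled.
    3DES is not flagged here; treat it as a last resort."""
    return openssl_name == "DES-CBC-SHA" or any(
        marker in openssl_name for marker in ("RC4", "EXP", "NULL", "MD5"))


def shared_suites(policy_json, client_suites=tuple(GSKIT_TO_OPENSSL)):
    """Per policy, the suites the client also supports, in server priority order."""
    wanted = {GSKIT_TO_OPENSSL[name] for name in client_suites}
    shared = {}
    for policy in json.loads(policy_json)["SslPolicies"]:
        ordered = sorted(policy["Ciphers"], key=lambda c: c["Priority"])
        shared[policy["Name"]] = [c["Name"] for c in ordered if c["Name"] in wanted]
    return shared


if __name__ == "__main__":
    for name, suites in shared_suites(SAMPLE_POLICY_JSON).items():
        # An empty list reproduces the "No compatible cipher suite" failure.
        print(name, suites or "NO OVERLAP", [s for s in suites if is_weak(s)])
```

An empty overlap for a policy means the handshake will fail as in the question; any suite flagged by `is_weak` is a reason to pick a different policy rather than accept it.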