
I have an old Java 5 application running on a Tomcat 5 server. I tried everything suggested to implement the TLS v1.2 protocol, yet nothing worked, and the browser will return an ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. As of now, what I have tried is:

  1. Configuring the Server.xml

    <Connector ... sslEnabledProtocols = "TLSv1.2">

  2. Updating the JRE to Java 1.7

  3. Adding to the optional JVM arguments

    -Dhttps.protocols=TLSv1.2

Besides upgrading Tomcat to a newer version, what can I do?

  • Can the app work on a newer Tomcat? Now is the time to upgrade. – Thorbjørn Ravn Andersen Apr 21 '22 at 08:48
  • Otherwise you’ll need a modern proxy like nginx in front of it. – Thorbjørn Ravn Andersen Apr 21 '22 at 08:49
  • 2
    https.protocols only affects connections by (Https)URLConnection _to_ other systems, not those received _from_ browsers etc. However, _if_ your connector uses the Java stack -- i.e. 'BIO' or 'NIO[2]' not 'APR' -- _and_ the config accepts sslEnabledProtocols (I don't remember if it went back to 5, and the doc is gone) _and_ you run on Java (1.)7 up, then it should work _if_ the browser doesn't demand AEAD (which it might). Try setting -Djavax.net.debug=ssl:handshake and/or an external trace like wireshark or tcpdump to see what you get. Or a proxy like Thorbjørn says. – dave_thompson_085 Apr 21 '22 at 08:55
  • 2
    Unless I am much mistaken Java 1.5 never supported TLS 1.2 in the first place, in which case there is nothing you can do about that. All the software mentioned in your question is nearly 20 years old and should have been upgraded decades ago. Do it now. – user207421 Apr 21 '22 at 11:28

0 Answers
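Two JRE-level conditions raised in the comments (whether the JRE provides TLSv1.2 at all, and whether it has any AEAD suites for a browser that demands them) can be checked directly. The following is an added example, not code from the question or its comments; the class name `Tls12ServerCheck` is hypothetical, and it reports what the JVM offers to a server-side engine, not what Tomcat's connector is configured to enable.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

/** Added diagnostic (hypothetical name). Run it with the same JRE that starts Tomcat. */
public class Tls12ServerCheck {

    /** AEAD suites are recognisable by name: GCM, CCM or ChaCha20-Poly1305. */
    static boolean isAead(String suite) {
        return suite.contains("_GCM_") || suite.contains("_CCM")
                || suite.contains("CHACHA20_POLY1305");
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));
        SSLContext ctx;
        try {
            ctx = SSLContext.getInstance("TLSv1.2");
        } catch (NoSuchAlgorithmException e) {
            System.out.println("No TLSv1.2 SSLContext in this JRE; no connector setting can add it.");
            return;
        }
        ctx.init(null, null, null); // default managers are enough to list capabilities

        // Server-mode engine: the role a Java (BIO/NIO) connector plays toward browsers.
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        List<String> enabled = Arrays.asList(engine.getEnabledProtocols());
        System.out.println("supported protocols = "
                + Arrays.toString(engine.getSupportedProtocols()));
        System.out.println("enabled protocols   = " + enabled);

        List<String> aead = new ArrayList<String>();
        List<String> nonAead = new ArrayList<String>();
        for (String suite : engine.getEnabledCipherSuites()) {
            if (suite.endsWith("_SCSV")) continue; // signalling value, not a real suite
            if (isAead(suite)) aead.add(suite); else nonAead.add(suite);
        }
        System.out.println("TLSv1.2 enabled     = " + enabled.contains("TLSv1.2"));
        System.out.println("AEAD suites (" + aead.size() + ")     = " + aead);
        System.out.println("non-AEAD suites     = " + nonAead.size());
        if (aead.isEmpty()) {
            System.out.println("A client that offers only AEAD suites cannot agree on a cipher with this JRE.");
        }
    }
}
```

If TLSv1.2 is listed but no AEAD suites are, the protocol version is not the obstacle: the mismatch is on the cipher side, which the `-Djavax.net.debug=ssl:handshake` trace suggested in the comments would show from the connector's point of view.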