Tomcat SSL Error

Problem

The browser fails to contact the Adapter server and returns an SSL error:

You may face this error with Tomcat 8.5 and above. It happens when the browser and the server don't find any shared cyphering algorithm to perform the secured TLS communications.

Solution

The first measure to take is to ensure you run the last version of the browser.

If upgrading your browser doesn't fix the problem, you need to modify the Tomcat HTTPS connector to update the list of cyphering algorithms:

  1. Open the _tomcat_/conf/server.xml file
  2. Locate the SSL connector and update it to something similar to this:
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
        maxThreads="200" SSLEnabled="true" scheme="https" secure="true" clientAuth="false"
        keystoreFile="/opt/tomcat/ssl/certificat-sodius.cloud.p12" keystorePass="dummypass"
        useServerCipherSuitesOrder="true"
        ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,
        TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,
        TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"/>
  3. Restart Tomcat

Retry the connection to the Sodius Adapter, it should work now.