Product: TIBCO Spotfire®
Problem:
The server fails to start when a server.xml from a previous installation of Spotfire (earlier than 7.9) is reused and the list of ciphers has been manually modified. The error is: "None of the [ciphers] specified are supported by the SSL engine"
Solution:
The list of ciphers differs between Spotfire versions, and there are other differences in the server.xml files between versions as well. Starting from Spotfire 7.9, the server.xml file contains this line:
<Listener className="com.spotfire.server.security.trust.tomcat.BCLoaderListener" />
When a server.xml file from a previous version of Spotfire (earlier than 7.9) is reused with a newer version of Spotfire, there might be problems with HTTPS if the list of ciphers has been manually modified.
Without the line above, certain ciphers (the ECDHE ciphers) will not be used. If the available ciphers have been manually modified so that only ECDHE ciphers are left, the server fails to start and the following error appears in the catalina log:
16-Aug-2019 12:14:18.448 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-443]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
...
Caused by: java.lang.IllegalArgumentException: None of the [ciphers] specified are supported by the SSL engine : [[TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA]]
To fix the problem, add the following line to server.xml:
<Listener className="com.spotfire.server.security.trust.tomcat.BCLoaderListener" />
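A pre-upgrade check for a reused server.xml, as an added example that is not part of the original article or TIBCO's tooling: it reports connectors whose cipher list depends on the BCLoaderListener line when that line is absent. It assumes the ciphers are given as a comma-separated `ciphers` attribute on the `Connector` element using the JSSE names shown in the log above; the function name and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

BC_LISTENER = "com.spotfire.server.security.trust.tomcat.BCLoaderListener"

# Constructed sample: a pre-7.9 style server.xml trimmed to ECDHE ciphers only,
# without the BCLoaderListener line.
SAMPLE = """<Server port="9005" shutdown="SHUTDOWN">
  <Service name="Spotfire">
    <Connector port="443" SSLEnabled="true"
               ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"/>
  </Service>
</Server>"""


def check_server_xml(xml_text):
    """Return (severity, port, message) findings for a server.xml given as text."""
    root = ET.fromstring(xml_text)
    has_listener = any(
        el.get("className") == BC_LISTENER for el in root.iter("Listener")
    )
    if has_listener:
        return []  # ECDHE ciphers are usable, nothing to report

    findings = []
    for conn in root.iter("Connector"):
        raw = conn.get("ciphers")
        if not raw:
            continue  # default cipher list, not manually modified
        ciphers = [c.strip() for c in raw.split(",") if c.strip()]
        ecdhe = [c for c in ciphers if c.startswith("TLS_ECDHE_")]
        port = conn.get("port", "?")
        if ecdhe and len(ecdhe) == len(ciphers):
            # Matches the startup failure quoted from the catalina log.
            findings.append(("ERROR", port,
                             "only ECDHE ciphers configured and BCLoaderListener "
                             "is missing: connector will fail to initialize"))
        elif ecdhe:
            # Server starts, but clients can only negotiate the non-ECDHE suites.
            findings.append(("WARN", port,
                             f"{len(ecdhe)} ECDHE cipher(s) will not be used "
                             "without BCLoaderListener"))
    return findings


if __name__ == "__main__":
    for severity, port, message in check_server_xml(SAMPLE):
        print(f"{severity} connector {port}: {message}")
```

The WARN case matters for hardening reviews: the server starts normally, so the missing ECDHE suites go unnoticed unless the negotiated ciphers are checked.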