Running CLM 5.0.2 on Tomcat v7 and trying to force everything to TLSv1.2 and eliminate SSL* ciphers to comply with corporate security requirements. Am able to force TLS using sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2" in my 'Connector' definition in server.xml. But if I try to remove all SSL* ciphers (leaving only TLS* ciphers) I get 'The client and server don't support a common SSL protocol version or cipher suite' using Google Chrome browser. By process of elimination, I narrowed it down to the cipher 'SSL_RSA_WITH_3DES_EDE_CBC_SHA' that is required to eliminate the cipher mismatch.

Using Google Chrome Developer Tools, I can see that TLS is being used

The connection to this site uses TLS 1.2 (a strong protocol), RSA (an obsolete key exchange), and 3DES_EDE_CBC with HMAC-SHA1 (an obsolete cipher).

I don't understand why the SSL_RSA_WITH_3DES_EDE_CBC_SHA cipher is required if TLS is being used.