Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

SSL_RSA_WITH_3DES_EDE_CBC_SHA Cipher Required for https

Running CLM 5.0.2 on Tomcat v7 and trying to force everything to TLSv1.2 and eliminate SSL* ciphers to comply with corporate security requirements. Am able to force TLS using sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2" in my 'Connector' definition in server.xml. But if I try to remove all SSL* ciphers (leaving only TLS* ciphers) I get 'The client and server don't support a common SSL protocol version or cipher suite' using Google Chrome browser. By process of elimination, I narrowed it down to the cipher 'SSL_RSA_WITH_3DES_EDE_CBC_SHA' that is required to eliminate the cipher mismatch.

Using Google Chrome Developer Tools, I can see that TLS is being used:

The connection to this site uses TLS 1.2 (a strong protocol), RSA (an obsolete key exchange), and 3DES_EDE_CBC with HMAC-SHA1 (an obsolete cipher).

I don't understand why the SSL_RSA_WITH_3DES_EDE_CBC_SHA cipher is required if TLS is being used.

0 votes
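An added example, not part of the original question and not IBM or Tomcat code: in Java (JSSE) cipher suite names the SSL_ or TLS_ prefix is a historical naming convention and does not select the protocol version, so SSL_RSA_WITH_3DES_EDE_CBC_SHA names the same suite that TLS 1.2 specifies as TLS_RSA_WITH_3DES_EDE_CBC_SHA. The script below assumes a Connector that lists its suites in a `ciphers` attribute (the sample XML, port numbers and function names are constructed) and flags obsolete components by name, regardless of prefix.

```python
import xml.etree.ElementTree as ET

# Constructed sample for illustration; not the poster's actual server.xml.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
             sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2"
             ciphers="SSL_RSA_WITH_3DES_EDE_CBC_SHA,
                      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                      SSL_RSA_WITH_AES_128_CBC_SHA"/>
  <Connector port="9080" protocol="HTTP/1.1"/>
</Service></Server>"""


def canonical(suite):
    """Strip the SSL_/TLS_ prefix; it is naming history, not a protocol version."""
    for prefix in ("SSL_", "TLS_"):
        if suite.startswith(prefix):
            return suite[len(prefix):]
    return suite


def weaknesses(suite):
    """Return the obsolete components of a suite, judged from its name alone."""
    kex, _, bulk = canonical(suite).partition("_WITH_")
    found = []
    if kex == "RSA":
        found.append("RSA key exchange")
    if "3DES" in bulk:
        found.append("3DES")
    if "_CBC_" in bulk and bulk.endswith("_SHA"):
        found.append("CBC with HMAC-SHA1")
    return found


def audit(server_xml):
    """Map each TLS connector port to {suite: weaknesses} from its ciphers list."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, no cipher list to check
        suites = [s.strip() for s in conn.get("ciphers", "").split(",") if s.strip()]
        report[conn.get("port")] = {s: weaknesses(s) for s in suites}
    return report


if __name__ == "__main__":
    for port, suites in audit(SAMPLE_SERVER_XML).items():
        for suite, found in suites.items():
            print(port, suite, "->", ", ".join(found) or "no finding by name")
```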
Question asked: Oct 15 '18, 9:34 a.m.

Question was seen: 1,970 times

Last updated: Oct 15 '18, 9:34 a.m.
