Winstone Configures Self-signed Keystore for SSL Authentication

I create a self-signed key using

keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 1360 -keysize 2048

I deploy the keystore with the Winstone servlet container using the option --httpsKeyStore=keystore.jks. When accessing the site with Chrome, I get the following error:

The server has a weak, ephemeral public key Diffie-Hellman

ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

Is there a way to overcome this problem by creating a keystore or configuring Winstone? I can access the site from the Firefox browser.

+4
2 answers

​​ Java 1.7 ( 1.6), Chrome

+4

. , Diff-Hellman SSL/TLS. server.xml, :

<Connector port="443" 
              protocol="org.apache.coyote.http11.Http11Protocol"
              SSLEnabled="true"
              maxThreads="150"
              scheme="https"
              secure="true"
              keystoreFile="..\ssl\keystore"
              keystorePass="yourpasswordgoeshere"
              clientAuth="false"
              sslProtocol="TLSv1.2"
              sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
              ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                       TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
                       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                       TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
                       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
                       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
                       TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
                       TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
                       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
                       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
                       TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
                       TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"
   />
0
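Added example, not part of either answer: the Connector above lists only ECDHE and ECDH suites, so no finite-field DHE suite (the kind behind ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY) can be negotiated. The script below checks a Tomcat server.xml for Connectors whose ciphers list still contains such suites; the sample XML is constructed, and the function names classify and audit are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the page): one suite list that still allows DHE.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" scheme="https"
             ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                      TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
                      SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
                      TLS_RSA_WITH_AES_128_CBC_SHA"/>
  <Connector port="9443" SSLEnabled="true" scheme="https"/>
  <Connector port="8080"/>
</Service></Server>"""


def classify(suite):
    """Map a JSSE suite name to its key-exchange family."""
    # Names look like TLS_<kx>_WITH_<cipher>_<mac>; older ones start with SSL_.
    kx = suite.split("_", 1)[-1].split("_WITH_", 1)[0]
    if kx.startswith("ECDHE"):
        return "ecdhe"          # ephemeral elliptic-curve DH
    if kx.startswith("ECDH"):
        return "ecdh-static"    # fixed ECDH key, no forward secrecy
    if kx.startswith(("DHE", "DH_anon")):
        return "ffdh"           # server sends ephemeral finite-field DH parameters
    return "other"              # e.g. plain RSA key transport


def audit(server_xml):
    """Return {port: findings} for every TLS-enabled Connector."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        ciphers = conn.get("ciphers")
        if ciphers is None:
            # No explicit list: the JVM's default suite list applies instead.
            report[conn.get("port")] = {"explicit": False, "ffdh": [], "ecdh-static": []}
            continue
        # XML attribute normalization turns the line breaks into spaces.
        suites = [s.strip() for s in ciphers.split(",") if s.strip()]
        report[conn.get("port")] = {
            "explicit": True,
            "ffdh": [s for s in suites if classify(s) == "ffdh"],
            "ecdh-static": [s for s in suites if classify(s) == "ecdh-static"],
        }
    return report


if __name__ == "__main__":
    for port, finding in audit(SAMPLE_SERVER_XML).items():
        print(port, finding)
```

A Connector reported with explicit set to False deserves the same attention as one with a non-empty ffdh list, since its suites are whatever the JVM enables by default.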

Source: https://habr.com/ru/post/1621119/

