Problem with server startup when reusing server.xml from previous installations of Spotfire (earlier than 7.9) when the list of ciphers has been manually modified - "None of the [ciphers] specified are supported by the SSL engine"


Article ID: KB0075628


Products: Spotfire Server
Versions: 7.9 and higher

Description

The list of ciphers differs between Spotfire versions, and there are other differences in the server.xml file as well. Starting with Spotfire 7.9, server.xml contains the following line:
<Listener className="com.spotfire.server.security.trust.tomcat.BCLoaderListener" />

When a server.xml file from an earlier version of Spotfire (earlier than 7.9) is reused with a newer version, there may be problems with HTTPS if the list of ciphers has been manually modified.

Without the above-mentioned line, certain ciphers (the ECDHE ciphers) will not be used. If the available ciphers are manually modified so that only ECDHE ciphers are left, the server will fail to start and the following error message appears in the catalina log:
16-Aug-2019 12:14:18.448 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-443]]
 org.apache.catalina.LifecycleException: Protocol handler initialization failed
..............................................................................................
Caused by: java.lang.IllegalArgumentException: None of the [ciphers] specified are supported by the SSL engine : [[TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA]]

 

Issue/Introduction

If an old server.xml file (from version 7.8 or earlier) is reused after an upgrade and the list of ciphers has been manually modified (leaving only ECDHE ciphers), problems can be encountered with HTTPS.

Resolution

To fix the problem, add the following line to server.xml:

<Listener className="com.spotfire.server.security.trust.tomcat.BCLoaderListener" />
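
A pre-flight check for the condition described in this article, written as an added example and not Spotfire's own code. It assumes the cipher list sits in a `ciphers` attribute on a `<Connector>` or nested `<SSLHostConfig>` element as comma-separated names like those in the log above; the sample server.xml is constructed.

```python
import xml.etree.ElementTree as ET

BC_LISTENER = "com.spotfire.server.security.trust.tomcat.BCLoaderListener"

# Constructed sample: a pre-7.9 style server.xml with a hand-trimmed cipher list
# and no BCLoaderListener line. Ports and names are illustrative.
SAMPLE_OLD = """<Server port="9005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Service name="Spotfire">
    <Connector port="443" SSLEnabled="true" scheme="https" secure="true"
               ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" />
    <Connector port="80" />
  </Service>
</Server>"""


def has_bc_listener(root):
    return any(l.get("className") == BC_LISTENER for l in root.iter("Listener"))


def cipher_lists(root):
    """Yield (port, [ciphers]) for each connector element with a 'ciphers' attribute."""
    for conn in root.iter("Connector"):
        for el in [conn, *conn.iter("SSLHostConfig")]:
            raw = el.get("ciphers")
            if raw:
                yield conn.get("port", "?"), [c.strip() for c in raw.split(",") if c.strip()]


def check_server_xml(xml_text):
    """Return findings; an empty list means the issue from this article was not detected."""
    root = ET.fromstring(xml_text)
    if has_bc_listener(root):
        return []
    findings = []
    for port, ciphers in cipher_lists(root):
        ecdhe = [c for c in ciphers if c.startswith("TLS_ECDHE_")]
        if len(ecdhe) == len(ciphers):
            findings.append(f"port {port}: only ECDHE ciphers and no BCLoaderListener; connector will fail to initialize")
        elif ecdhe:
            findings.append(f"port {port}: {len(ecdhe)} ECDHE cipher(s) will not be used without BCLoaderListener")
    return findings


if __name__ == "__main__":
    for finding in check_server_xml(SAMPLE_OLD):
        print(finding)
```

Run it against a reused server.xml before starting the upgraded server by passing the file's text to `check_server_xml`.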