"JBWEB003106: Unsupported protocol TLS" on EAP 6.4

Solution Unverified - Updated

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP) 6.4
  • Using the ssl connector in the web subsystem (JBossWeb) with protocol="TLS"

Issue

  • EAP does not answer over SSL even though the https interface is initialized, and browsers show the following errors:

    Firefox: SSL_ERROR_NO_CYPHER_OVERLAP
    Chrome: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
    
  • EAP server log shows:

    WARN  [org.apache.tomcat.util] (MSC service thread 1-4) JBWEB003106: Unsupported protocol TLS
    
  • Configuring the SSL connector in the web subsystem with the value TLS prevents all SSL connections from completing the handshake

Resolution

Use protocol="TLSv1,TLSv1.1,TLSv1.2" instead of protocol="TLS".

Root Cause

TLS is not a valid Java SSL/TLS protocol name. According to the Oracle Java Secure Socket Extension (JSSE) documentation, the valid protocol names are SSLv3, TLSv1, TLSv1.1, TLSv1.2 and SSLv2Hello.

Prior to EAP 6.4, if the protocol list had no valid values, the default Java runtime SSL/TLS protocols were used. In EAP 6.4 the behavior changed: no protocols are enabled, which prevents all clients from connecting. This behavior makes it explicit that the configuration was invalid.
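A configuration check for the condition described above, added here as an example (it is not part of the original solution or Red Hat's code): it reads a web subsystem fragment, compares each ssl connector's protocol names against the valid names quoted above, and flags connectors where no valid name remains. The sample XML, its namespace URI and the connector names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Protocol names the article lists as valid (case-sensitive).
VALID_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "SSLv2Hello"}

# Constructed sample; the namespace URI is a placeholder, not the real one.
SAMPLE = """<subsystem xmlns="urn:example:web">
  <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
  <connector name="https-bad" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
    <ssl name="ssl" protocol="TLS"/>
  </connector>
  <connector name="https-fixed" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
    <ssl name="ssl" protocol="TLSv1,TLSv1.1,TLSv1.2"/>
  </connector>
  <connector name="https-mixed" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
    <ssl name="ssl" protocol="TLS, TLSv1.2"/>
  </connector>
</subsystem>"""

def local(tag):
    """Strip the '{namespace}' prefix that ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def audit_ssl_protocols(xml_text):
    """Return one finding per <connector>/<ssl> element that sets protocol=."""
    findings = []
    for conn in ET.fromstring(xml_text).iter():
        if local(conn.tag) != "connector":
            continue
        for ssl in conn:
            if local(ssl.tag) != "ssl" or "protocol" not in ssl.attrib:
                continue  # no explicit list, nothing to validate
            tokens = [t.strip() for t in ssl.get("protocol").split(",") if t.strip()]
            valid = [t for t in tokens if t in VALID_PROTOCOLS]
            findings.append({
                "connector": conn.get("name"),
                "valid": valid,
                "invalid": [t for t in tokens if t not in VALID_PROTOCOLS],
                # No valid name left: the EAP 6.4 case where no client can connect.
                "blocks_all_clients": not valid,
            })
    return findings

if __name__ == "__main__":
    for finding in audit_ssl_protocols(SAMPLE):
        print(finding)
```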

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.