spring boot 1.4 ssl with chrome 55

Question

I was used this config for a web site with spring boot 1.3

server.port=8443
server.ssl.key-store=www_test_com.jks
server.ssl.key-store-password=v11p5v33
server.ssl.keyAlias=server

That was working

I updated to 1.4.3. That stoped to work with chrome

Chrome return this message

This site can't provide a secure connection

your www_test_com uses an unsupported protocol ERR_SSL_OBSOLETE_CIPHER

with firefox, that work fine.

Edit

I updated to java 8 instead of open-jdk 8, that work.

Anything to do to get it working with open-jdk?

score 0 · Answer 1 · edited May 23 '17 at 12:01

Try upgrading your openJDK package.

I maintain an SSL-enabled Spring Boot 1.4.4 webservice and met the problem you describe, on a CentOS 7 server with java-1.8.0-openjdk-1.8.0_91-b14 installed. I checked that it indeed worked with the latest Java release from Oracle (Java SE 8u121).

Using the following command (given here):

openssl s_client -connect server:port

Both releases use different ciphers.

OpenJDK 1.8.0_91-b14 uses:

SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : DHE-RSA-AES256-GCM-SHA384

While Oracle's 8u121 release uses:

SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256

I updated to the latest version available in the base repository of Centos 7 (1.8.0_102-b14), and also got:

SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384

Edit: some information about Chrome and SSL cipher suites.

spring boot 1.4 ssl with chrome 55

1 Answers1