On Sun, Jun 4, 2017 at 1:01 AM, Pravesh Rai <pravesh.rai@xxxxxxxxx> wrote: > Hi, > > Even though I've disabled SSLvX protocols on both - client (openssl-1.0.2k) > & server (Java 1.8 with Tomcat), still getting following handshake error, > while executing: > > "openssl s_client -connect a.b.c.d:<port> -msg -debug -cipher > ECDHE-ECDSA-AES256-GCM-SHA384" > GCM mode is a TLS 1.2 cipher. It looks like Java 8 enables it by default; cf. https://blogs.oracle.com/java-platform-group/jdk-8-will-use-tls-12-as-default. Maybe something like: openssl s_client -connect www.example.com:443 -tls1_2 -servername www.example.com The command uses SNI and TLS 1.2, which is pretty much standard practice nowadays. If that does not do it, then maybe you can use SSLscan to identify the protocols and cipher suites the server supports. https://github.com/rbsec/sslscan Jeff -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
