Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

BIP - https for Endusers (Browser) ends up in ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Go to solution
mario_panzenboeck
Contributor

on ‎2018 May 02 1:21 PM

0 Likes
2,891

Hello,

I am facing an issue while setting up SSL for BIP. The goal is to access the BI Launchpad with https and not http. So we changed the ports to 80 and 443 and I was following the tomcat documentations to achieve this.

I created the certificate request which got already signed and finally imported all the certificates. When I am accessing the https://localhost/BOE/BI site I get the following error message: ERR_SSL_VERSION_OR_CIPHER_MISMATCH


Can somebody help me out with this?

Thanks!

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
denis_konovalov
Active Contributor
‎2018 May 02 1:28 PM
0 Likes

I'm just curious, why are you asking this here ?
The issue is not related to any SAP products - it is common certificate/browser/webapp server setup issue with SSL. The cipher suites you specified for the tomcat https connector are not supported by your browsers.

https://kinsta.com/knowledgebase/err_ssl_version_or_cipher_mismatch/

https://support.google.com/chrome/a/answer/6357171?hl=en

https://answers.microsoft.com/en-us/edge/forum/edge_issue-edge_win10/errsslversionorciphermismatch/a...

Accepted Solutions (1)

Accepted Solutions (1)

ayman_salem
Active Contributor
‎2018 May 02 6:46 PM

Hi Mario,

It seems that you have an invalid certificate or it support only old TLS version (old TLS 1.0 is no longer supported )

so, follow this article

https://kinsta.com/knowledgebase/err_ssl_version_or_cipher_mismatch/

and check your certificate SSL check tool , also the TLS version

Second, your tomcat server.xml configuration for SSL should look like this:

<Connector port="7983" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="...<path>.../<keystore>.p12" keystorePass="xxxxxx"/>

...

I hope that will help

Ayman

Show replies
Show replies
mario_panzenboeck
Contributor
‎2018 Aug 14 7:03 AM
0 Likes

Hello, this was the Problem: my certificate was invalid I had a typo while creating it. The alias wasn´t correct! So now it´s working fine. Thanks for your help.

Answers (3)

Answers (3)

Former Member
‎2021 Feb 19 2:53 PM
0 Likes

Hi Mario,

Earlier in some of the older versions of the Chrome browser, there was a temporary solution, in which the user could enter chrome://flags, find the Minimum SSLv3 version support feature and set it to SSLv3. In more recent versions, the developers have developed the feature. Now, users can check whether they are able to fix the issue using this option on their browser.

You check detailed here: https://www.wpoven.com/blog/how-to-fix-err_ssl_version_or_cipher_mismatch-error/

Show replies
Show replies
mario_panzenboeck
Contributor
‎2018 May 02 1:43 PM
0 Likes

Thanks for that note. When I am using Internet Explorer I got different error message:

This page can´t be displayed

Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://localhost again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.

I have to check if we are using this RC4 Suite but I have no idea where to check this?!

Show replies
Show replies
Former Member
‎2018 May 02 1:38 PM
0 Likes

There is known issue in Chrome. Did you try in IE?

2468705 - SSL URL for WACS server fails on Google Chrome

Show replies
Show replies
Ask a Question