We've got our Tomcat application running in a load-balanced Beanstalk environment, and we've got HTTPS up and running. But I've found that if I try to connect to web services hosted by that application, from an AS/400 running V6R1, I can only use HTTP -- if I try to use HTTPS, I get
SSL Handshake: (GSKit) No compatible cipher suite
It appears that this slightly out-of-date AS/400 can do these ciphers:
RSA_AES_128_CBC_SHA
RSA_RC4_128_SHA
RSA_RC4_128_MD5
RSA_AES_256_CBC_SHA
RSA_3DES_EDE_CBC_SHA
RSA_DES_CBC_SHA
RSA_EXPORT_RC4_40_MD5
RSA_EXPORT_RC2_CBC_40_MD5
RSA_NULL_SHA
RSA_NULL_MD5
How do I adjust what our AWS environment will accept?
With no answers forthcoming here or on Amazon's support board, I found time for a bit of digging myself, and found this. It seems that the HTTPS is handled by the load balancer, and they have a security policy specific to the case of needing to support legacy clients. Just go into your HTTPS listener on your load balancer, and switch to the "ELBSecurityPolicy-TLS-1-0-2015-04" security policy, and acknowledge the warning (you can change back to a more restrictive security policy when you aren't having to connect from a legacy client), and click the "Update" button.
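The same change scripted with the AWS CLI, as an added example that is not part of the original question or answer: it creates a per-load-balancer SSL negotiation policy that references the predefined ELBSecurityPolicy-TLS-1-0-2015-04 policy, attaches it to the HTTPS listener on port 443, and lists the cipher suites that policy enables so you can confirm the AS/400's suites (RSA_AES_128_CBC_SHA, RSA_AES_256_CBC_SHA, RSA_3DES_EDE_CBC_SHA) are among them. The load balancer name, the `legacy-client-...` policy name and the stricter policy to restore afterwards (ELBSecurityPolicy-2016-08) are assumptions; the Beanstalk-created classic load balancer's real name is visible in the EC2 console or via `aws elb describe-load-balancers`.

```shell
#!/bin/sh
# Added example, not code from the original post: switch a classic ELB's HTTPS
# listener to the legacy-client security policy with the AWS CLI, and later back.
# Assumes an installed, credentialed AWS CLI; ELB_NAME must be supplied by the caller.
set -eu

REFERENCE_POLICY="ELBSecurityPolicy-TLS-1-0-2015-04"   # policy named in the answer
STRICT_POLICY="ELBSecurityPolicy-2016-08"              # assumed stricter policy to restore later

# Derive the name of the load-balancer-local policy from the predefined policy it
# references. Pure string function, so it can be checked without AWS access.
policy_name_for() {
    # $1 = predefined reference policy name
    printf 'legacy-client-%s\n' "$(printf '%s' "$1" | tr 'A-Z' 'a-z')"
}

# Create a named SSLNegotiationPolicyType policy that references a predefined ELB
# security policy, then make it the active policy on the HTTPS listener.
apply_reference_policy() {
    lb="$1"; port="$2"; ref="$3"
    name="$(policy_name_for "$ref")"
    aws elb create-load-balancer-policy \
        --load-balancer-name "$lb" \
        --policy-name "$name" \
        --policy-type-name SSLNegotiationPolicyType \
        --policy-attributes "AttributeName=Reference-Security-Policy,AttributeValue=$ref"
    aws elb set-load-balancer-policies-of-listener \
        --load-balancer-name "$lb" \
        --load-balancer-port "$port" \
        --policy-names "$name"
}

# Print the protocol and cipher attributes the policy enables (AttributeValue "true"),
# which is where RSA_AES_128_CBC_SHA etc. should now appear for the legacy policy.
show_enabled_ciphers() {
    lb="$1"; ref="$2"
    aws elb describe-load-balancer-policies \
        --load-balancer-name "$lb" \
        --policy-names "$(policy_name_for "$ref")" \
        --query 'PolicyDescriptions[0].PolicyAttributeDescriptions[?AttributeValue==`true`].AttributeName' \
        --output text
}

# Only act when a load balancer name is supplied, e.g.
#   ELB_NAME=<your-beanstalk-elb-name> sh legacy_policy.sh
if [ -n "${ELB_NAME:-}" ]; then
    apply_reference_policy "$ELB_NAME" 443 "$REFERENCE_POLICY"
    show_enabled_ciphers "$ELB_NAME" "$REFERENCE_POLICY"
    # Once the legacy client no longer needs to connect, go back to the strict policy:
    # apply_reference_policy "$ELB_NAME" 443 "$STRICT_POLICY"
fi
```

Because the policy is attached per listener, the legacy suites only apply to the HTTPS listener you change; the `show_enabled_ciphers` output is the quickest way to see what the switch actually turned on (TLS 1.0 and the CBC/RC4 suites alongside the modern ones) before pointing the AS/400 at it.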