bnoordhuis
commented
3 years ago If it helps: rustls doesn't support TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 but it does support TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (CBC vs. GCM) - presumably that's a one-line change in a tomcat config file somewhere?
Here are all the supported ciphers: https://github.com/ctz/rustls/blob/bad9bd7454/rustls/src/suites.rs#L379-L390
According to https://www.ssllabs.com/ssltest/analyze.html?d=citeseerx.ist.psu.edu all supported ciphers are either weak or insecure:
Some libraries and runtimes deliberately don't support such ciphers, so it is not possible to access the site via HTTPS using those libraries and runtimes. E.g., it is not possible with rustls and Deno (https://github.com/denoland/deno/issues/10447).