Channel: SCN : Unanswered Discussions - BI Platform

How to configure Tomcat TLS protocols for BusinessObjects


Hi,

 

Hopefully someone can point me in the right direction. My goal is to enable TLS 1.1 and TLS 1.2 protocols for use with the BO launchpad.

 

BusinessObjects BI Platform 4.1 SP5 patch 3 on Tomcat 7.0.55 (installed with BusinessObjects).

 

With the configuration below it works, but the certificate information in Chrome says it connected with the TLS 1.0 protocol and it looks like this is the only protocol that works in this configuration.

 

<!-- Define a SSL HTTP/1.1 Connector on port 8443
     This connector uses the JSSE configuration, when using APR, the
     connector should be using the OpenSSL style configuration
     described in the APR documentation -->
<Connector port="443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true"
           keystoreFile="D:\certificate\keystore.jks"
           keystorePass="changeit"
           maxThreads="150"
           scheme="https"
           secure="true"
           clientAuth="false"
           sslProtocol="TLS"
           sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
           ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,
           TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
/>

 

When I remove TLSv1 from sslEnabledProtocols, it gives the error ERR_SSL_VERSION_OR_CIPHER_MISMATCH in Chrome or "This page can't be displayed - Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to again." TLS 1.1 and TLS 1.2 are enabled, of course.

 

So it might be the ciphers that are not correct, but I'm not sure what would/could be wrong with them. Extensive googling leaves me going round in circles. I tried changing the sslProtocol to use TLSv1.2 and different combinations of ciphers that I got from different sites, but no luck.

 

 

sources used:

https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html

http://grokbase.com/t/tomcat/users/1335h2v5bg/how-to-allow-only-tls-1-1-connections-to-tomcat-6-0-server-with-https

https://blog.eveoh.nl/2014/02/tls-ssl-ciphers-pfs-tomcat/

http://service.sap.com/sap/support/notes/2128924

 

Thanks for any advice on how to solve this.

 

Best regards,

Jesse
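
A JSSE connector can only negotiate the protocols and cipher suites that the JVM running Tomcat supports, so one check for the situation described in the post is to compare the Connector's `sslEnabledProtocols` and `ciphers` values against that JVM. The program below is an added example, not part of the original post; the class name `JsseConnectorCheck` is hypothetical, and it must be compiled and run with the same Java installation that starts Tomcat.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Added example: reports which Connector values this JVM's JSSE provider supports.
public class JsseConnectorCheck {
    // Values copied from the Connector element in the post.
    static final String PROTOCOLS = "TLSv1,TLSv1.1,TLSv1.2";
    static final String CIPHERS =
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,"
      + "  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,"
      + "TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,"
      + "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,"
      + "TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA";

    // Split a comma-separated attribute value and trim stray whitespace.
    static String[] split(String value) {
        String[] parts = value.split(",");
        for (int i = 0; i < parts.length; i++) {
            parts[i] = parts[i].trim();
        }
        return parts;
    }

    // Print, for each configured name, whether the JVM lists it as supported.
    static void report(String label, String[] wanted, String[] supported) {
        Set<String> sup = new HashSet<String>(Arrays.asList(supported));
        for (String name : wanted) {
            String state = sup.contains(name) ? "supported" : "NOT SUPPORTED by this JVM";
            // Suites with a SHA256/SHA384 MAC can only be negotiated under TLS 1.2.
            boolean tls12Only = name.endsWith("_SHA256") || name.endsWith("_SHA384");
            System.out.println(label + " " + name + ": " + state
                + (tls12Only ? " (TLSv1.2 only)" : ""));
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("JVM: " + System.getProperty("java.vendor")
            + " " + System.getProperty("java.version"));
        SSLContext ctx = SSLContext.getInstance("TLS"); // same value as sslProtocol
        ctx.init(null, null, null);
        SSLParameters sup = ctx.getSupportedSSLParameters();
        report("protocol", split(PROTOCOLS), sup.getProtocols());
        report("cipher", split(CIPHERS), sup.getCipherSuites());
    }
}
```

Any protocol or suite reported as not supported cannot be offered by the connector regardless of what `server.xml` lists.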

