Hybris Commerce ERR_SSL_VERSION_OR_CIPHER_MISMATCH

I created a certificate with OpenSSL:

openssl genrsa -des3 -out server.key 2048
openssl rsa -in server.key -out server.key
openssl req -new -key server.key -out server.csr
keytool -import -trustcacerts -alias server.key -file server.crt -keystore 

and put keystore.jks in ${catalina.home}/lib/

In server.xml:

<Connector port="9002"
           maxHttpHeaderSize="8192"
           maxPostSize="4194304"
           maxThreads="150"
           protocol="org.apache.coyote.http11.Http11Protocol"
           executor="hybrisExecutor"
           enableLookups="false"
           acceptCount="100"
           connectionTimeout="20000"
           disableUploadTimeout="true"
           URIEncoding="UTF-8"
           SSLEnabled="true"
           scheme="https"
           secure="true"
           clientAuth="false"
           sslProtocol="TLS"
           sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
           keystoreFile="${catalina.home}/lib/keystore.jks"
           keystorePass="123456" />

In Chrome, it gives the following error:

This site can’t provide a secure connection
13.236.191.242 uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.

curl -Iv https://11.231.191.212:9001/

Trying 11.231.191.212...
TCP_NODELAY set
Connected to 11.231.191.212 (11.231.191.212) port 9001 (#0)
schannel: SSL/TLS connection with 11.231.191.212 port 9001 (step 1/3)
schannel: checking server certificate revocation
schannel: using IP address, SNI is not supported by OS.
schannel: sending initial handshake data: sending 156 bytes...
schannel: sent initial handshake data: sent 156 bytes
schannel: SSL/TLS connection with 11.231.191.212 port 9001 (step 2/3)
schannel: failed to receive handshake, need more data

Answer

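The problem was that I was creating a self-signed certificate with OpenSSL; when I generated the certificate from the Java keystore, it worked perfectly.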

keytool.exe -genkey -alias tomcat -keyalg RSA -keystore c:\tomcatkeys

OpenSSL and the keystore generate certificates in different file formats; you can see the differences at the following link: https://security.stackexchange.com/questions/98282/difference-between-openssl-and-keytool
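
The `keytool -import -trustcacerts ... -file server.crt` step in the question stores only a certificate (a trustedCertEntry), so the private key in server.key never enters the keystore, whereas `keytool -genkey` creates a private key entry. The following is an added example, not code from the original post: it parses the classic JKS layout and reports each alias's entry type so a keystore can be checked before a connector is pointed at it. `build_sample` and its dummy bytes are constructed for illustration, and a PKCS12-format keystore is rejected rather than parsed.

```python
import struct

ENTRY_TYPES = {1: "PrivateKeyEntry", 2: "trustedCertEntry"}

def list_jks_entries(data: bytes):
    """Return [(alias, entry_type)] for a classic JKS keystore image."""
    pos = 0
    def take(n):
        nonlocal pos
        if pos + n > len(data):
            raise ValueError("truncated keystore")
        pos += n
        return data[pos - n:pos]
    def u32():
        return struct.unpack(">I", take(4))[0]
    def utf():  # 2-byte length + bytes (modified UTF-8; same as UTF-8 for ASCII)
        return take(struct.unpack(">H", take(2))[0]).decode("utf-8")
    def cert(version):
        if version == 2:
            utf()        # certificate type, e.g. "X.509"
        take(u32())      # DER-encoded certificate
    if u32() != 0xFEEDFEED:
        raise ValueError("not a JKS file (PKCS12 keystores start differently)")
    version = u32()
    if version not in (1, 2):
        raise ValueError("unsupported JKS version")
    entries = []
    for _ in range(u32()):
        tag, alias = u32(), utf()
        take(8)          # creation time in milliseconds
        if tag == 1:
            take(u32())  # password-protected private key
            for _ in range(u32()):
                cert(version)
        elif tag == 2:
            cert(version)
        else:
            raise ValueError(f"unknown entry tag {tag}")
        entries.append((alias, ENTRY_TYPES[tag]))
    return entries  # the trailing SHA-1 integrity digest is not checked here

def usable_for_tls_server(data: bytes) -> bool:
    """True if the keystore holds at least one private key for the connector."""
    return any(kind == "PrivateKeyEntry" for _, kind in list_jks_entries(data))

def build_sample(tag: int, alias: bytes) -> bytes:
    """Constructed sample keystore image with dummy key/cert bytes (no digest)."""
    c = struct.pack(">H", 5) + b"X.509" + struct.pack(">I", 3) + b"DER"
    body = struct.pack(">I", 4) + b"KEY!" + struct.pack(">I", 1) + c if tag == 1 else c
    head = struct.pack(">IIII", 0xFEEDFEED, 2, 1, tag)
    return head + struct.pack(">H", len(alias)) + alias + b"\0" * 8 + body
```

To check a real file, pass `open(path, "rb").read()` to `usable_for_tls_server`; the same information is shown in the entry-type column of `keytool -list -keystore <file>`.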
