Posted to users@tomcat.apache.org by Robert La Ferla <ro...@o-ms.com> on 2010/10/15 18:58:53 UTC

SSL/TLS, Tomcat 6.0.29 and Chrome: The connection had to be retried using SSL 3.0.

  When users connect to our Tomcat 6.0.29 using Google Chrome, they get 
this warning when they click the security icon:

"The connection had to be retried using SSL 3.0.  This typically means 
that the server is using very old software and may have other security 
issues."

Tomcat is configured using this:

<Connector port="xxx" address="xxxx" protocol="HTTP/1.1" SSLEnabled="true"
                maxThreads="100" scheme="https" secure="true"
                enableLookups="false" compression="on"
                keystoreFile="xxxx/certificate.keystore" keystorePass="xxxx"
                clientAuth="false" sslProtocol="TLS" />

I believe we are using  OpenSSL 0.9.8f on Solaris 10.  Not sure how to 
tell which SSL library tomcat is using.

How do I fix this?  We have to support multiple browser/versions: IE6, 
IE7, IE8, FF, Chrome...  so whatever solution should allow for this.


-- 
- --
Robert La Ferla
VP Engineering
OMS SafeHarbor

This message (and any attachments) contains confidential information and is protected by law.  If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, distribution, or the taking of any action based on this message, is strictly prohibited.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: SSL/TLS, Tomcat 6.0.29 and Chrome: The connection had to be retried using SSL 3.0.

Posted by Mark Thomas <ma...@apache.org>.
On 15/10/2010 18:26, Robert La Ferla wrote:
>  On 10/15/2010 1:14 PM, Mark Thomas wrote:
>> Those two statements are not consistent. Your connector config is for
>> JSSE, not OpenSSL.
>>
>> Tomcat uses TLS by default[1]. See [2] for other options for sslProtocol
> 
> We are indeed using JSSE.  The link for #2 just pointed at the general
> Java docs.  What specific class did you intend to post a link to?

Grr. Frames. Grr.

http://download.oracle.com/javase/6/docs/technotes/guides//security/StandardNames.html

Mark





Re: SSL/TLS, Tomcat 6.0.29 and Chrome: The connection had to be retried using SSL 3.0.

Posted by Robert La Ferla <ro...@o-ms.com>.
  On 10/15/2010 1:14 PM, Mark Thomas wrote:
> Those two statements are not consistent. Your connector config is for
> JSSE, not OpenSSL.
>
> Tomcat uses TLS by default[1]. See [2] for other options for sslProtocol

We are indeed using JSSE.  The link for #2 just pointed at the general 
Java docs.  What specific class did you intend to post a link to?

-- 
- --
Robert La Ferla
VP Engineering
OMS SafeHarbor



Re: SSL/TLS, Tomcat 6.0.29 and Chrome: The connection had to be retried using SSL 3.0.

Posted by Mark Thomas <ma...@apache.org>.
On 15/10/2010 17:58, Robert La Ferla wrote:
>  When users connect to our Tomcat 6.0.29 using Google Chrome, they get
> this warning when they click the security icon:
> 
> "The connection had to be retried using SSL 3.0.  This typically means
> that the server is using very old software and may have other security
> issues."
> 
> Tomcat is configured using this:
> 
> <Connector port="xxx" address="xxxx" protocol="HTTP/1.1" SSLEnabled="true"
>                maxThreads="100" scheme="https" secure="true"
>                enableLookups="false" compression="on"
>                keystoreFile="xxxx/certificate.keystore" keystorePass="xxxx"
>                clientAuth="false" sslProtocol="TLS" />
> 
> I believe we are using  OpenSSL 0.9.8f on Solaris 10.  Not sure how to
> tell which SSL library tomcat is using.

Those two statements are not consistent. Your connector config is for
JSSE, not OpenSSL.

Tomcat uses TLS by default[1]. See [2] for other options for sslProtocol

Mark
[1] http://tomcat.apache.org/tomcat-6.0-doc/config/http.html#SSL_Support
[2] http://download.oracle.com/javase/6/docs/api/index.html
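
The check Mark applies above (reading the Connector's attribute names to tell a JSSE configuration from an APR/OpenSSL one) can be scripted. This is an added example, not code from the thread or from Tomcat; the function name, the attribute sets (a subset of the names in the Tomcat 6 connector documentation) and the second sample connector are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Attribute names taken from the Tomcat 6 HTTP connector documentation.
# Only names that belong unambiguously to one implementation are listed.
JSSE_ONLY = {"keystoreFile", "keystorePass", "keystoreType", "keyAlias",
             "truststoreFile", "truststorePass", "sslProtocol"}
APR_ONLY = {"SSLCertificateFile", "SSLCertificateKeyFile", "SSLPassword",
            "SSLCACertificateFile", "SSLCipherSuite", "SSLProtocol"}

# Connector from the thread (placeholder values as posted; enableLookups
# is spelled as in the Tomcat documentation).
THREAD_CONNECTOR = """
<Connector port="xxx" address="xxxx" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="100" scheme="https" secure="true"
           enableLookups="false" compression="on"
           keystoreFile="xxxx/certificate.keystore" keystorePass="xxxx"
           clientAuth="false" sslProtocol="TLS" />
"""

# Constructed sample of an APR/OpenSSL-style connector, for contrast.
APR_CONNECTOR = """
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           SSLCertificateFile="/path/to/cert.pem"
           SSLCertificateKeyFile="/path/to/key.pem" SSLProtocol="TLSv1" />
"""

def classify_connector(xml_text):
    """Report which TLS implementation a <Connector> element is written for."""
    attrs = ET.fromstring(xml_text.strip()).attrib
    jsse = sorted(set(attrs) & JSSE_ONLY)
    apr = sorted(set(attrs) & APR_ONLY)
    if jsse and apr:
        style = "mixed"
    elif jsse:
        style = "JSSE"
    elif apr:
        style = "APR/OpenSSL"
    else:
        style = "undetermined"
    # Attribute names are case-sensitive: sslProtocol (JSSE) vs SSLProtocol (APR).
    setting = attrs.get("SSLProtocol" if style == "APR/OpenSSL" else "sslProtocol")
    return {"style": style, "jsse": jsse, "apr": apr, "protocol": setting}

if __name__ == "__main__":
    for name, xml_text in (("thread", THREAD_CONNECTOR), ("constructed", APR_CONNECTOR)):
        print(name, classify_connector(xml_text))
```
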



RE: SSL/TLS, Tomcat 6.0.29 and Chrome: The connection had to be retried using SSL 3.0.

Posted by Maximilian Stocker <ma...@talentoyster.com>.
Wrong reply. The second reply is from a Google employee and there are links there to another thread on the subject.

If you are only having this problem with Chrome then it may well be related to this. Clearing the cache etc. won't help if the clients' connections are being proxied, maybe.

If you are having problems with other browsers then just ignore this.

-----Original Message-----
From: Robert La Ferla [mailto:robert.laferla@o-ms.com]
Sent: Friday, October 15, 2010 1:25 PM
To: users@tomcat.apache.org
Subject: Re: SSL/TLS, Tomcat 6.0.29 and Chrome: The connection had to be retried using SSL 3.0.

  On 10/15/2010 1:12 PM, Maximilian Stocker wrote:
> There are some issues with Chrome regarding SSL, essentially Chrome is more restrictive than other browsers and will get upset with proxied connections etc.
>
> For example http://www.google.com/support/forum/p/Chrome/thread?tid=6cbb881fc85406f4&hl=en
>
> Especially see reply #2 there. Are you sure that your problem isn't related to that?

I did clear all my Chrome settings and restarted Chrome.  I am using
Chrome 6.0.472.63 on Windows XP.  Unless I'm looking at the wrong reply?

--
- --
Robert La Ferla
VP Engineering
OMS SafeHarbor



Re: SSL/TLS, Tomcat 6.0.29 and Chrome: The connection had to be retried using SSL 3.0.

Posted by Robert La Ferla <ro...@o-ms.com>.
  On 10/15/2010 1:12 PM, Maximilian Stocker wrote:
> There are some issues with Chrome regarding SSL, essentially Chrome is more restrictive than other browsers and will get upset with proxied connections etc.
>
> For example http://www.google.com/support/forum/p/Chrome/thread?tid=6cbb881fc85406f4&hl=en
>
> Especially see reply #2 there. Are you sure that your problem isn't related to that?

I did clear all my Chrome settings and restarted Chrome.  I am using 
Chrome 6.0.472.63 on Windows XP.  Unless I'm looking at the wrong reply?

-- 
- --
Robert La Ferla
VP Engineering
OMS SafeHarbor



RE: SSL/TLS, Tomcat 6.0.29 and Chrome: The connection had to be retried using SSL 3.0.

Posted by Maximilian Stocker <ma...@talentoyster.com>.
There are some issues with Chrome regarding SSL, essentially Chrome is more restrictive than other browsers and will get upset with proxied connections etc.

For example http://www.google.com/support/forum/p/Chrome/thread?tid=6cbb881fc85406f4&hl=en

Especially see reply #2 there. Are you sure that your problem isn't related to that?

-----Original Message-----
From: Robert La Ferla [mailto:robert.laferla@o-ms.com]
Sent: Friday, October 15, 2010 12:59 PM
To: Tomcat Users List
Subject: SSL/TLS, Tomcat 6.0.29 and Chrome: The connection had to be retried using SSL 3.0.

  When users connect to our Tomcat 6.0.29 using Google Chrome, they get
this warning when they click the security icon:

"The connection had to be retried using SSL 3.0.  This typically means
that the server is using very old software and may have other security
issues."

Tomcat is configured using this:

<Connector port="xxx" address="xxxx" protocol="HTTP/1.1" SSLEnabled="true"
                maxThreads="100" scheme="https" secure="true"
                enableLookups="false" compression="on"
                keystoreFile="xxxx/certificate.keystore" keystorePass="xxxx"
                clientAuth="false" sslProtocol="TLS" />

I believe we are using  OpenSSL 0.9.8f on Solaris 10.  Not sure how to
tell which SSL library tomcat is using.

How do I fix this?  We have to support multiple browser/versions: IE6,
IE7, IE8, FF, Chrome...  so whatever solution should allow for this.


--
- --
Robert La Ferla
VP Engineering
OMS SafeHarbor
