Posted to dev@tomcat.apache.org by Mudassir Aftab <wi...@gmail.com> on 2014/01/02 07:12:02 UTC

Tomcat TLS 1.2 Issue

I need TLSv1.2 support for Tomcat. Can anyone help me by providing a
TLS v1.2 patch? Also, where should I actually apply the patch: in JDK /
Tomcat / Tomcat Native?
Also, what will be the preferable connector settings?

I am using the following connector in Apache Tomcat/7.0.42:

<Connector port="8443"
           protocol="HTTP/1.1"
           maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           SSLCertificateFile="/home/mudassir/pay/p.pem"
           SSLCertificateKeyFile="/home/mudassir/p/p-key.pem"
           sslEnabledProtocols="TLSv1.2"
           SSLCACertificateFile="/home/mudassir/p/AdminCA1.pem" />

An error occurred during a connection to confidential.com:8443. Cannot
communicate securely with peer: no common encryption algorithm(s).
(Error code: ssl_error_no_cypher_overlap)


CRITICAL - Cannot make SSL connection
140441642727072:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:724:
HTTP CRITICAL - Error on receive
root@confidential:/opt/tomcat7#

I have tried 7.0.42, 7.0.47, 6.0.36 and 6.0.37, but nothing has helped me
yet. Can you please help me with this?

tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      9757/java

Jan 01, 2014 5:37:54 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.27 using APR version 1.4.6.
Jan 01, 2014 5:37:54 PM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
Jan 01, 2014 5:37:54 PM org.apache.catalina.core.AprLifecycleListener initializeSSL
INFO: OpenSSL successfully initialized (OpenSSL 1.0.1e 11 Feb 2013)
Jan 01, 2014 5:37:55 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-apr-8443"]
Jan 01, 2014 5:37:55 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-apr-8009"]
Jan 01, 2014 5:37:55 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 2588 ms
Jan 01, 2014 5:37:55 PM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Jan 01, 2014 5:37:55 PM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.42
Jan 01, 2014 5:37:55 PM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive /opt/tomcat7/webapps/confidential.war
Jan 01, 2014 5:37:59 PM org.hibernate.annotations.common.Version <clinit>
INFO: HCANN000001: Hibernate Commons Annotations {4.0.2.Final}
Jan 01, 2014 5:37:59 PM org.hibernate.Version logVersion
INFO: HHH000412: Hibernate Core {4.2.4.Final}
Jan 01, 2014 5:37:59 PM org.hibernate.cfg.Environment <clinit>

RE: Tomcat TLS 1.2 Issue

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Mudassir Aftab [mailto:withmudassir@gmail.com] 
> Subject: Tomcat TLS 1.2 Issue

> I need TLSv1.2 support for tomcat

Again, you are using the wrong mechanism to present queries about how to configure and use Tomcat.  You should post this on the users' mailing list, not the development one.  You will also need to supply basic environment information, such as the JVM version in use and the platform you're running on.

 - Chuck

