tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tsirkin Evgeny" <tsir...@gmail.com>
Subject Re: strange ssl tomcat response
Date Thu, 14 Dec 2006 10:34:28 GMT
On 12/14/06, Martin Heiden <martin.heiden@devk.de> wrote:

> It's pretty valid!


I don't think so.Just checked out the TLS rfc and found this (TLS ver. 1.0):

These goals are achieved by the handshake protocol, which can be
   summarized as follows: The client sends a client hello message to
   which the server must respond with a server hello message, or else a
   fatal error will occur and the connection will fail. The client hello
   and server hello are used to establish security enhancement
   capabilities between client and server. The client hello and server
   hello establish the following attributes: Protocol Version, Session
   ID, Cipher Suite, and Compression Method. Additionally, two random
   values are generated and exchanged: ClientHello.random and
   ServerHello.random.

As i see this if the client does not sends a hello message then server
should drop the
connection .So,if i am pointing my browser to ssl port using http scheme
,the connection
should be dropped.
 I think that most (non-java at least) servers works this way just try to
telnet to ssl port of
say gmail ,you get nothing.
I of course could be wrong,and that is for developers to decide .However
what i am
looking to be sure of, is that the strange bits are actually the server
hello and not
a bug/not cleaned buffer/security problem.
However ,if i understand correctly you can reproduce my results?
Is that right ?Do you use the same version of tomcat ?JVM?
Thanks for response.
Evgeny.


> regards
>
> Martin.
>
>
>
>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message