tomcat-users mailing list archives

From "Andreas Spengler" <andr...@spengler-netz.de>
Subject Handshake problem with Tomcat 6.0.16 on IBM JDK5 / AIX
Date Wed, 04 Jun 2008 09:19:10 GMT
Hi,

I am trying to set up a Tomcat 6.0.16.0/Axis2 1.3 combination using HTTPS
connectivity. The machine is running on AIX with an IBM JDK5...

After configuring HTTPS in server.xml by:

    <Connector port="8080" connectionTimeout="20000" scheme="https"
     secure="true" debug="10" SSLEnabled="true" algorithm="IbmX509"
     keystoreFile="conf/keystore" keystorePass="emagine" clientAuth="false"
     maxHttpHeaderSize="8192" allowTrace="true" alias="tomcat"
     truststoreFile="conf/keystore" truststorePass="emagine" />

The keystore is properly generated and gets read upon Tomcat starting up:

----------------------------------------------------------------------------
***
found key for : tomcat
chain [0] = [
[
  Version: V3
  Subject: CN=hostname, OU=Unknown, O=Some Company, L=Frankfurt,
ST=Germany, C=DE
  Signature Algorithm: SHA1withDSA, OID = 1.2.840.10040.4.3

  Key:  IBMJCE DSA Public Key:
1101875205480948287113762571182603954171081492294072340935647672002184786011003216506042732219085256508724886035809875598372032797071912523681226049632332697
29313007298780303022913848325612157676219396023035090034471325854025863722427785141790280802270182659236245978325266744766279713673387084071498707580084

  Validity: [From: Wed Jun 04 09:46:09 GMT+01:00 2008,
               To: Thu Jun 04 09:46:09 GMT+01:00 2009]
  Issuer: CN=hostname, OU=Unknown, O=Some Company, L=Frankfurt,
ST=Germany, C=DE
  SerialNumber: [1212569169]

]
  Algorithm: [SHA1withDSA]
  Signature:
0000: 30 2c 02 14 7b 08 ac 5d  5c ac de 55 7d e6 46 22  0..........U..F.
0010: 61 e1 e1 94 ca c6 63 01  02 14 2e 01 af 24 e8 c8  a.....c.........
0020: 98 8d 9e dc 0d 6d c9 75  f5 ea fc 10 a6 34        .....m.u.....4

]
----------------------------------------------------------------------------

I tried accessing the server under https://hostname:8080/ and keep getting
the following error in catalina.out (Firefox reports not being able to
find common encryption algorithms):

----------------------------------------------------------------------------
http-8080-1, setSoTimeout(20000) called
http-8080-1, READ:  SSL v2, contentType = Handshake, translated length = 83
*** ClientHello, SSLv3
RandomCookie:  GMT: 0 bytes = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 37,
165, 36, 210, 22, 2, 241, 22, 187, 73, 139, 255, 223, 69, 154, 9 }
Session ID:  {}
Cipher Suites: [SSL_DHE_RSA_WITH_AES_256_CBC_SHA,
SSL_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_AES_256_CBC_SHA,
SSL_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_AES_128_CBC_SHA,
SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
SSL_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_FIPS_WITH_DES_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_EXPORT1024_WITH_RC4_56_SHA,
SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5]
Compression Methods:  { 0 }
***
http-8080-1, SEND TLSv1 ALERT:  fatal, description = handshake_failure
http-8080-1, WRITE: TLSv1 Alert, length = 2
http-8080-1, called closeSocket()
http-8080-1, handling exception: javax.net.ssl.SSLHandshakeException:
Client requested protocol SSLv3 not enabled or not supported
http-8080-1, called close()
http-8080-1, called closeInternal(true)
----------------------------------------------------------------------------


Changing the SSL protocols used in Firefox did not help at all...

I am at my wits' end here and would really appreciate any help.

Rgds,

Andreas
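
Added example, not part of the original message: a small Python parser for a JSSE debug trace like the one quoted above. It pulls out the record format, ClientHello version, offered cipher suites, alert and exception, and lists the offered suites whose authentication type matches the server key (DSA in the keystore dump above). The trace is a constructed, shortened copy of the poster's log, and the function names are hypothetical.

```python
import re

# Constructed sample: condensed from the JSSE debug trace quoted in the message above.
TRACE = """\
http-8080-1, READ:  SSL v2, contentType = Handshake, translated length = 83
*** ClientHello, SSLv3
Cipher Suites: [SSL_DHE_RSA_WITH_AES_256_CBC_SHA,
SSL_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_AES_256_CBC_SHA,
SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_EXPORT_WITH_RC4_40_MD5]
Compression Methods:  { 0 }
***
http-8080-1, SEND TLSv1 ALERT:  fatal, description = handshake_failure
http-8080-1, handling exception: javax.net.ssl.SSLHandshakeException:
Client requested protocol SSLv3 not enabled or not supported
"""


def summarize(trace):
    """Pull the fields that decide a JSSE handshake out of a debug trace."""
    def grab(pattern):
        m = re.search(pattern, trace, re.S)
        return m.group(1) if m else None

    suites = re.split(r"[,\s]+", grab(r"Cipher Suites: \[(.*?)\]") or "")
    exc = grab(r"handling exception: (.*?)(?:\nhttp-|\Z)") or ""
    return {
        "record_format": grab(r"READ:\s+(.+?), contentType"),
        "hello_version": grab(r"\*\*\* ClientHello, (\S+)"),
        "suites": [s for s in suites if s],
        "alert": grab(r"ALERT:\s+\w+, description = (\w+)"),
        "exception": " ".join(exc.split()),  # re-join the wrapped exception line
    }


def suites_for_key(suites, key_alg):
    """Offered suites whose authentication matches the server key type (DSA -> DSS)."""
    tag = {"DSA": "_DSS_", "RSA": "_RSA_"}[key_alg]
    return [s for s in suites if tag in s]


if __name__ == "__main__":
    info = summarize(TRACE)
    for key, value in info.items():
        print(f"{key}: {value}")
    print("usable with DSA key:", suites_for_key(info["suites"], "DSA"))
```

On this trace the summary shows an SSLv3 ClientHello inside an SSL v2 format record, at least one DSS-authenticated suite on offer, and an exception text that names the protocol version.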



