tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Maximilian Stocker <...@talentoyster.com>
Subject RE: SSL/TLS, Tomcat 6.0.29 and Chrome: The connection had to be retried using SSL 3.0.
Date Fri, 15 Oct 2010 17:12:20 GMT
There are some issues with Chrome regarding SSL, essentially Chrome is more restrictive than
other browsers and will get upset with proxied connections etc.

For example http://www.google.com/support/forum/p/Chrome/thread?tid=6cbb881fc85406f4&hl=en

Especially see reply #2 there. Are you sure that your problem isn't related to that?

-----Original Message-----
From: Robert La Ferla [mailto:robert.laferla@o-ms.com]
Sent: Friday, October 15, 2010 12:59 PM
To: Tomcat Users List
Subject: SSL/TLS, Tomcat 6.0.29 and Chrome: The connection had to be retried using SSL 3.0.

  When users connect to our Tomcat 6.0.29 using Google Chrome, they get
this warning when they click the security icon:

"The connection had to be retried using SSL 3.0.  This typically means
that the server is using very old software and may have other security
issues."

Tomcat is configured using this:

<Connector port="xxx" address="xxxx" protocol="HTTP/1.1" SSLEnabled="true"
                maxThreads="100" scheme="https" secure="true"
enableLooks="false" compression="on"
                keystoreFile="xxxx/certificate.keystore" keystorePass="xxxx"
                clientAuth="false" sslProtocol="TLS" />

I believe we are using  OpenSSL 0.9.8f on Solaris 10.  Not sure how to
tell which SSL library tomcat is using.

How do I fix this?  We have to support multiple browser/versions: IE6,
IE7, IE8, FF, Chrome...  so whatever solution should allow for this.


--
- --
Robert La Ferla
VP Engineering
OMS SafeHarbor

This message (and any attachments) contains confidential information and is protected by law.
 If you are not the intended recipient, you should delete this message and are hereby notified
that any disclosure, copying, distribution, or the taking of any action based on this message,
is strictly prohibited.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message