tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: SSL connect to APR fails - "bad version"
Date Sun, 06 Nov 2011 13:15:31 GMT
Kobe wrote:
> I build tcnative and apr from src with exist ver of openssl (means openssl
> not
> build my me). I load apr connector in tomcat as below.
> 
> when my client connect, I cannot connect: i get "bad version". 
> please explain what I do wrong?
> 
> 
> server# ./apr-1-config  --version
> 1.4.5
> server#
> server# openssl version
> OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
> server#
> 
> 
> 
>   /// APR Connector Configuration in Tomcat6
>  <Connector port="443"
>     protocol="org.apache.coyote.http11.Http11AprProtocol"
>     enableLookups="false" disableUploadTimeout="true"
>     acceptCount="100" scheme="https" secure="true"
>     SSLCertificateFile="server_certificate.pem"
>     SSLCertificateChainFile="cachain.pem"
>     SSLCertificateKeyFile="server.key"
>   />
> 
> 
> 
> 
> $ openssl s_client -connect server.xxx.net:443 -debug -ssl3
> CONNECTED(00000003)
> write to 0x100119470 [0x100815e00] (95 bytes => 95 (0x5F))
> 0000 - 16 03 00 00 5a 01 00 00-56 03 00 4e b5 d4 3e 2d   ....Z...V..N..>-
> 0010 - 57 eb 94 3c f8 0f a0 55-76 75 21 7c b3 f1 37 6f   W..<...Uvu!|..7o
> 0020 - 99 2b 68 7c 65 b7 c9 2c-f6 1f dd 00 00 2e 00 39   .+h|e..,.......9
> 0030 - 00 38 00 35 00 16 00 13-00 0a 00 33 00 32 00 2f   .8.5.......3.2./
> 0040 - 00 9a 00 99 00 96 00 05-00 04 00 15 00 12 00 09   ................
> 0050 - 00 14 00 11 00 08 00 06-00 03 00 ff 02 01         ..............
> 005f - <SPACES/NULS>
> read from 0x100119470 [0x100811400] (5 bytes => 5 (0x5))
> 0000 - 48 54 54 50 2f                                    HTTP/
> write to 0x100119470 [0x10081b800] (7 bytes => 7 (0x7))
> 0000 - 15 03 00 00 02 02 28                              ......(
> 44414:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
> number:/SourceCache/OpenSSL098/OpenSSL098-35.1/src/ssl/s3_pkt.c:293:
> $ 
> 
Hi.
I don't know if other members of this list will be as puzzled as I am, but it is not clear

to me what you are trying to achieve.
I mean that Tomcat is in principle a web server, normally answering web browser requests 
(via HTTP or HTTPS).  What are you trying to do when you access it with the above type of

client, and what are you sending to Tomcat, and why ?


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message