tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: SSL connect to APR fails - "bad version"
Date Wed, 09 Nov 2011 01:47:42 GMT

Kobe,

On 11/8/11 2:01 PM, Kobe wrote:
> Thanks for your help. Here is more info on my setup: tomcat version
> 6.0.29. And tomcat is starting clean; no errors while loading.
>
> If I use tls1, I get the same error as before ("bad version").
> 
> When I test with openssl s_client, I check line 293 of s3_pkt.c. It
> says -->
>
> if ((version>>8) != SSL3_VERSION_MAJOR) {
>     SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
>     goto err;
> }
>
> So the client is wanting SSL version 3. But I have the same error with
> the browser. I do not/cannot find what version the browser wants - I think
> it is 3.

Your web browser likely has SSL 2.0 disabled entirely. You should
check which types of SSL/TLS are enabled.

> So I am thinking there is a misconfiguration on this server. I would
> like to find why this server responds with SSLv2 ClientHello instead
> of SSLv3 ClientHello.

Why do you think you are getting an SSLv2 reply?

> How do I find this misconfiguration?

Are you using the same version of openssl as the "client" as you are
using within Tomcat? I wonder if the FIPS mode is tripping you up.

-chris
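
An added example, not part of the original message and not OpenSSL's code: the check quoted above compares the high byte of the record's version field with 3, so classifying the first five bytes the peer sends shows which kind of reply would trip it. The function names, enum values and sample byte strings are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAJOR_V3 0x03 /* value of SSL3_VERSION_MAJOR in OpenSSL's ssl3.h */

enum first_bytes { FB_TOO_SHORT, FB_TLS_RECORD, FB_SSLV2_HEADER, FB_OTHER };

/* Same test as the quoted check: bytes 1-2 of an SSLv3/TLS record header
 * hold the 16-bit version, and its high byte must be 3. */
int major_version_ok(const uint8_t *p)
{
    unsigned version = ((unsigned)p[1] << 8) | p[2];
    return (version >> 8) == MAJOR_V3;
}

/* Classify the first five bytes received from the peer.
 * SSLv3/TLS record header: type(1) | major(1) | minor(1) | length(2). */
enum first_bytes classify_first_bytes(const uint8_t *p, size_t n)
{
    if (n < 5)
        return FB_TOO_SHORT;
    /* Content types 20..23: change_cipher_spec, alert, handshake, app data. */
    if (p[0] >= 20 && p[0] <= 23 && major_version_ok(p))
        return FB_TLS_RECORD;
    /* SSLv2 two-byte header: high bit of byte 0 set, then the message
     * type in byte 2 (1 = CLIENT-HELLO, 4 = SERVER-HELLO). */
    if ((p[0] & 0x80) && (p[2] == 1 || p[2] == 4))
        return FB_SSLV2_HEADER;
    return FB_OTHER; /* e.g. unencrypted text: not a record header at all */
}

/* Constructed sample inputs, not captured from the poster's server. */
const uint8_t SAMPLE_TLS10[] = { 0x16, 0x03, 0x01, 0x00, 0x4a }; /* handshake, TLS 1.0 */
const uint8_t SAMPLE_SSLV2[] = { 0x80, 0x2e, 0x04, 0x00, 0x01 }; /* SSLv2 SERVER-HELLO */
const uint8_t SAMPLE_TEXT[]  = { 'H', 'T', 'T', 'P', '/' };      /* plain ASCII */

int main(void)
{
    printf("TLS 1.0: class=%d major_ok=%d\n",
           classify_first_bytes(SAMPLE_TLS10, 5), major_version_ok(SAMPLE_TLS10));
    printf("SSLv2:   class=%d major_ok=%d\n",
           classify_first_bytes(SAMPLE_SSLV2, 5), major_version_ok(SAMPLE_SSLV2));
    printf("text:    class=%d major_ok=%d\n",
           classify_first_bytes(SAMPLE_TEXT, 5), major_version_ok(SAMPLE_TEXT));
    return 0;
}
```

Running the same classification over the first bytes of a packet capture from the failing connection shows whether the reply is an SSLv2-style header or something that is not a record header at all.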
