tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: SSL connect to APR fails - "bad version"
Date Wed, 09 Nov 2011 08:24:17 GMT
Kobe,
nothing is wrong. It was just my lack of familiarity with the SSL client that was the 
cause of my puzzlement.  Konstantin's answer already cleared that up for me.

I was just wondering what you were trying to do, connecting to Tomcat with a command-line

client, and you did not provide a lot of contextual information along with your question,

to explain that.  Had you for example added a phrase like "To check that the SSL 
connection is working, I am trying to connect to Tomcat's SSL Connector using the OpenSSL

command-line client, and the answer I am getting is this : ..", things would have been 
clearer, even for me.

You see, on the list we get all kinds of questions, from all kinds of people.
Sometimes posters here try to have Tomcat serve the morning coffee, and wonder why it 
doesn't work.  Sometimes they seem to think that this is the Apache httpd or Weblogic 
support list.

André


Kobe wrote:
> Actually, whether it be webaccess or webservice access, i not follow
> your confusion. pleas explain why this is wrong.
> 
> /Kobe
> 
> Kobe wrote:
>> Tomcat is also a servlet container and may be used to host web services.
>> That is the case here. the web service client is hosted in a BEA weblogic
>> server
>> and attempts to connect to the web service over SSL.
>>
>> /Kobe
>>
>>
>> awarnier wrote:
>>> Kobe wrote:
>>>> I build tcnative and apr from src with exist ver of openssl (means
>>>> openssl
>>>> not
>>>> build my me). I load apr connector in tomcat as below.
>>>>
>>>> when my client connect, I cannot connect: i get "bad version". 
>>>> please explain what I do wrong?
>>>>
>>>>
>>>> server# ./apr-1-config  --version
>>>> 1.4.5
>>>> server#
>>>> server# openssl version
>>>> OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
>>>> server#
>>>>
>>>>
>>>>
>>>>   /// APR Connector Configuration in Tomcat6
>>>>  <Connector port="443"
>>>>     protocol="org.apache.coyote.http11.Http11AprProtocol"
>>>>     enableLookups="false" disableUploadTimeout="true"
>>>>     acceptCount="100" scheme="https" secure="true"
>>>>     SSLCertificateFile="server_certificate.pem"
>>>>     SSLCertificateChainFile="cachain.pem"
>>>>     SSLCertificateKeyFile="server.key"
>>>>   />
>>>>
>>>>
>>>>
>>>>
>>>> $ openssl s_client -connect server.xxx.net:443 -debug -ssl3
>>>> CONNECTED(00000003)
>>>> write to 0x100119470 [0x100815e00] (95 bytes => 95 (0x5F))
>>>> 0000 - 16 03 00 00 5a 01 00 00-56 03 00 4e b5 d4 3e 2d  
>>>> ....Z...V..N..>-
>>>> 0010 - 57 eb 94 3c f8 0f a0 55-76 75 21 7c b3 f1 37 6f  
>>>> W..<...Uvu!|..7o
>>>> 0020 - 99 2b 68 7c 65 b7 c9 2c-f6 1f dd 00 00 2e 00 39  
>>>> .+h|e..,.......9
>>>> 0030 - 00 38 00 35 00 16 00 13-00 0a 00 33 00 32 00 2f  
>>>> .8.5.......3.2./
>>>> 0040 - 00 9a 00 99 00 96 00 05-00 04 00 15 00 12 00 09  
>>>> ................
>>>> 0050 - 00 14 00 11 00 08 00 06-00 03 00 ff 02 01         ..............
>>>> 005f - <SPACES/NULS>
>>>> read from 0x100119470 [0x100811400] (5 bytes => 5 (0x5))
>>>> 0000 - 48 54 54 50 2f                                    HTTP/
>>>> write to 0x100119470 [0x10081b800] (7 bytes => 7 (0x7))
>>>> 0000 - 15 03 00 00 02 02 28                              ......(
>>>> 44414:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
>>>> number:/SourceCache/OpenSSL098/OpenSSL098-35.1/src/ssl/s3_pkt.c:293:
>>>> $ 
>>>>
>>> Hi.
>>> I don't know if other members of this list will be as puzzled as I am,
>>> but it is not clear 
>>> to me what you are trying to achieve.
>>> I mean that Tomcat is in principle a web server, normally answering web
>>> browser requests 
>>> (via HTTP or HTTPS).  What are you trying to do when you access it with
>>> the above type of 
>>> client, and what are you sending to Tomcat, and why ?
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>>
>>
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message