From: Christopher Schultz
Date: Tue, 08 Nov 2011 17:47:42 -0800
To: Tomcat Users List
Subject: Re: SSL connect to APR fails - "bad version"
Message-ID: <4EB9DBBE.4010802@christopherschultz.net>

Kobe,

On 11/8/11 2:01 PM, Kobe wrote:
> Thanks for your help. Here is more info on my setup: Tomcat version
> 6.0.29. And Tomcat is starting clean; no errors while loading.
>
> If I use tls1, I get the same error as before ("bad version").
>
> When I test with openssl s_client, I check line 293 of s3_pkt.c. It
> says -->
>
>     if ((version>>8) != SSL3_VERSION_MAJOR) {
>         SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
>         goto err;
>     }
>
> So the client is wanting SSL version 3. But I have the same error with
> the browser. I do not/cannot find what version the browser wants - I
> think it is 3.

Your web browser likely has SSL 2.0 disabled entirely. You should check
which types of SSL/TLS are enabled.

> So I am thinking there is a misconfiguration on this server. I would
> like to find why this server responds with SSLv2 ClientHello instead
> of SSLv3 ClientHello.

Why do you think you are getting an SSLv2 reply?

> How do I find this misconfiguration?

Are you using the same version of openssl as the "client" as you are
using within Tomcat?

I wonder if the FIPS mode is tripping you up.

-chris
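
An added illustration, not part of the original message and not OpenSSL's own code: the quoted check reads bytes 1-2 of the record header as the version and requires the major byte to be 3, so this sketch applies that comparison to the first five bytes a peer sends and labels what they look like. The function names, enum values and sample bytes are constructed for the example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

#define SSL3_VERSION_MAJOR 0x03 /* constant used by the quoted check */

enum first_bytes { FB_TOO_SHORT, FB_TLS_RECORD, FB_SSLV2_FORMAT,
                   FB_PLAINTEXT, FB_UNKNOWN };

/* Constructed sample headers (first 5 bytes read from a peer). */
const unsigned char SAMPLE_TLS10[5] = {0x16, 0x03, 0x01, 0x00, 0x4a};
const unsigned char SAMPLE_SSLV2_HELLO[5] = {0x80, 0x2e, 0x01, 0x00, 0x02};
const unsigned char SAMPLE_HTTP[5] = {'H', 'T', 'T', 'P', '/'};

/* Same comparison as the quoted snippet: bytes 1-2 are read as the
   record version and the major byte must be 3.
   Returns 1 on mismatch, 0 on match, -1 if fewer than 5 bytes. */
int wrong_version_number(const unsigned char *p, size_t len)
{
    if (p == NULL || len < 5)
        return -1;
    unsigned version = ((unsigned)p[1] << 8) | p[2];
    return (version >> 8) != SSL3_VERSION_MAJOR;
}

/* Label what the first five bytes look like (hypothetical helper). */
enum first_bytes classify_first_bytes(const unsigned char *p, size_t len)
{
    size_t i;
    if (p == NULL || len < 5)
        return FB_TOO_SHORT;
    /* SSLv3/TLS record header: type(1) version(2) length(2). */
    if (p[0] >= 20 && p[0] <= 23 && !wrong_version_number(p, len))
        return FB_TLS_RECORD;
    /* SSLv2 header: high bit set in byte 0, message type in byte 2
       (1 = CLIENT-HELLO, 4 = SERVER-HELLO). */
    if ((p[0] & 0x80) && (p[2] == 1 || p[2] == 4))
        return FB_SSLV2_FORMAT;
    /* Five printable bytes: likely cleartext, not SSL/TLS at all. */
    for (i = 0; i < 5 && isprint(p[i]); i++)
        ;
    return i == 5 ? FB_PLAINTEXT : FB_UNKNOWN;
}

int main(void)
{
    printf("tls1.0 class=%d wrong=%d\n", classify_first_bytes(SAMPLE_TLS10, 5), wrong_version_number(SAMPLE_TLS10, 5));
    printf("sslv2  class=%d wrong=%d\n", classify_first_bytes(SAMPLE_SSLV2_HELLO, 5), wrong_version_number(SAMPLE_SSLV2_HELLO, 5));
    printf("http   class=%d wrong=%d\n", classify_first_bytes(SAMPLE_HTTP, 5), wrong_version_number(SAMPLE_HTTP, 5));
    return 0;
}
```

Both the SSLv2-format header and the cleartext bytes fail the major-version comparison, so the "wrong version number" error alone does not say which of the two the peer sent; looking at the raw first bytes does.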