tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Problems w/ TLS (record-splitting)
Date Tue, 10 Apr 2012 21:53:58 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gregor,

On 4/10/12 3:57 PM, Gregor S. wrote:
> Since this is a *sic* "managed server", I don't have root-access,
> so I can only guess regarding the version of the APR (it's the one
> from the packages, but AFAIK the APR has been stable since quite a
> while, so I assume it should be the latest one.

I just added dumping version numbers for both APR and OpenSSL to
catalina.out on startup. I've proposed them for back-porting to 6.0.x,
so you might have to wait a bit.

> As for the connector, I'm using the http-connector with 
> OpenSSL-extension as described here:
> 
> http://tomcat.apache.org/tomcat-6.0-doc/apr.html
> 
> I'm using mainly the defaults apart from the SSL-cert-filenames

Okay, so you're sure you're using APR and OpenSSL (otherwise, the SSL
setup wouldn't work properly with the SSLCertificateFilename and stuff
like that).

> Unfortunately I can post the complete connector-def tomorrow
> earliest since I'm not in the office any more, but will do as soon
> as I'm on my desk.

I think this may come down to the exact version of OpenSSL and/or APR
(probably OpenSSL) that you have. You may have to upgrade in order to
accept connections from these clients :(

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk+Eq/YACgkQ9CaO5/Lv0PAPPwCeJiOjhLd0uwb6mbn65OwBgrBQ
tHUAnAqxzcP7DvIx+0ECj57PSQEx7Yvb
=FJ7k
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message