tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Eggers <its_toas...@yahoo.com>
Subject Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47
Date Fri, 03 Jan 2014 23:48:58 GMT
On 1/3/2014 2:43 PM, Caldarale, Charles R wrote:
>> From: Mudassir Aftab [mailto:withmudassir@gmail.com] Subject: RE:
>> TLS is not working in 6.0.37, 7.0.42, 7.0.47
>
>> Again, we have to submit this as a bug.....TLS 1.2 is not working
>> in Tomcat
>
> The only evidence you have provided is that your single chosen cipher
> is not implemented by the version of Firefox you're using - which has
> nothing to do with Tomcat.  The TCP capture you provided is just text
> rather than a useful .pcap file, and no one's going to waste their
> time digging through raw bits when any decent protocol analyzer would
> do the job automatically.
>
> - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE
> PROPRIETARY MATERIAL and is thus for use only by the intended
> recipient. If you received this in error, please contact the sender
> and delete the e-mail and its attachments from all computers.

It's been years (more than I care to count) since I've read raw packet 
data, but at first glance I do not see the browser (172.16.50.10) 
initiating a TLSv1.2 Client Hello.

I'm looking at the following line:

0030  c0 0a c0 14 00 88 00 87 00 39 00 38 c0 0f c0 05   .........9.8....

I expect to see something like:

16 03 01

starting at octet 36. Instead, I see:

00 87 00

I don't know if that's because the information is encrypted, or what. 
However, it doesn't look like what I see when I aim Firefox 26.0 at an 
HTTPS site.

I don't know if gnome-wireshark is available for Ubuntu (I use Fedora or 
CentOS). If so, get that and look for the TLSv1.2 Client Hello coming 
from your browser. If it's not coming from your browser, then something 
else is wrong.

Are you addressing example.com with https://example.com:8443/ in your 
browser?

As has been pointed out, this is an all-volunteer list (taking a break 
from writing an RFP here). Making it difficult to answer questions 
(incorrect, incomplete, or difficult to parse information) will not 
encourage volunteers to step forth.

. . . . Friday night RFP response writing
/mde/

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message