tomcat-users mailing list archives

From "Caldarale, Charles R" <Chuck.Caldar...@unisys.com>
Subject RE: TLS is not working in 6.0.37, 7.0.42, 7.0.47
Date Thu, 02 Jan 2014 21:28:04 GMT
> From: Mudassir Aftab [mailto:withmudassir@gmail.com] 
> Subject: TLS is not working in 6.0.37, 7.0.42, 7.0.47

> I need TLSv1.2 support for tomcat

That's available by default with current OpenSSL versions.

> Also what will be the preferable connector settings ?

Whatever you need them to be.  The values depend entirely on your applications and environment.

> I am using following connector in Apache Tomcat/7.0.42
> <Connector port="8443"
 . . .
>            sslEnabledProtocols="TLSv1.2"

The above attribute is for the BIO and NIO connectors, not the APR one you are using.  You should instead specify:
           SSLProtocol="TLSv1"
if you want to eliminate SSLv3 (but your client might not like that).  You can also set SSLCipherSuite to avoid enabling insecure encryption mechanisms (see http://en.wikipedia.org/wiki/Transport_Layer_Security#Cipher).

> An error occurred during a connection to confidential.com:8443. Cannot
> communicate securely with peer: no common encryption algorithm(s).

This means the client you're using and your build of OpenSSL have nothing in common.  Use Wireshark or tcpdump and determine just which protocols your client is attempting to negotiate with, and ensure that those are enabled in your build of OpenSSL.

 - Chuck
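
A check for the attribute mismatch described in the reply above, as an added example that is not part of the original message or of Tomcat itself: it flags SSL connectors in a server.xml that carry TLS attributes belonging to the other connector family (JSSE for BIO/NIO, OpenSSL for APR). The function names, the `apr_loaded` flag and the sample configuration are constructed for illustration, and the attribute sets are only a subset of Tomcat's documented connector attributes.

```python
import xml.etree.ElementTree as ET

# Attribute names in server.xml are case-sensitive (sslProtocol != SSLProtocol).
JSSE_ONLY = {"sslEnabledProtocols", "sslProtocol", "ciphers",
             "keystoreFile", "keystorePass"}                      # BIO / NIO
APR_ONLY = {"SSLProtocol", "SSLCipherSuite",
            "SSLCertificateFile", "SSLCertificateKeyFile"}        # APR / OpenSSL

def connector_kind(protocol, apr_loaded):
    """Return 'apr' or 'jsse' for a Connector's protocol attribute."""
    if protocol.endswith("Http11AprProtocol"):
        return "apr"
    if protocol.endswith(("Http11NioProtocol", "Http11Protocol")):
        return "jsse"
    # protocol="HTTP/1.1" (the default) picks APR when the native library is loaded.
    return "apr" if apr_loaded else "jsse"

def lint_server_xml(xml_text, apr_loaded=True):
    """List (port, connector kind, attribute) for TLS attributes of the wrong family."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector, nothing to check
        kind = connector_kind(conn.get("protocol", "HTTP/1.1"), apr_loaded)
        wrong_family = JSSE_ONLY if kind == "apr" else APR_ONLY
        for name in sorted(wrong_family & set(conn.attrib)):
            findings.append((conn.get("port"), kind, name))
    return findings

# Constructed sample configuration (hypothetical paths and ports).
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
             secure="true" sslEnabledProtocols="TLSv1.2"
             SSLCertificateFile="conf/server.crt"/>
  <Connector port="9443" SSLEnabled="true"
             protocol="org.apache.coyote.http11.Http11NioProtocol"
             keystoreFile="conf/keystore.jks" SSLProtocol="TLSv1"/>
</Service></Server>"""

if __name__ == "__main__":
    for port, kind, attr in lint_server_xml(SAMPLE, apr_loaded=True):
        print(f"port {port}: {attr} has no effect on a {kind.upper()} connector")
```
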

