tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mudassir Aftab <withmudas...@gmail.com>
Subject Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47
Date Fri, 03 Jan 2014 00:21:04 GMT
Hi ,

Thanks for reply,

I am using following environment

Description:    Ubuntu 12.04.3 LTS
javac 1.7.0_45
apache-tomcat-7.0.42.tar.gz
apr-1.5.0.tar.gz
tomcat-native-1.1.29-src.tar.gz
openssl 1.0.1-4ubuntu5.10

and this how i am configuring Tomcat Native

./configure --with-apr=/usr/local/apr/bin/apr-1-config
--with-java-home=$JAVA_HOME --with-ssl=yes --prefix=$CATALINA_HOME

export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/opt/tomcat7/lib"

Server.xml:
   <Connector port="8443"  protocol="HTTP/1.1"
           maxThreads="200"
           sslProtocol="TLSv1" sslEnabledProtocols="TLSv1.2"
           clientAuth="false"
           scheme="https" secure="true" SSLEnabled="true"
           SSLCertificateFile="/home/mudassir/cert.pem"
           SSLCertificateKeyFile="/home/mudassir/cert-key.pem"
           SSLCACertificateFile="/home/mudassir/CA.pem" />

Regards,
Mudassir Aftab



On Fri, Jan 3, 2014 at 2:28 AM, Caldarale, Charles R <
Chuck.Caldarale@unisys.com> wrote:

> > From: Mudassir Aftab [mailto:withmudassir@gmail.com]
> > Subject: TLS is not working in 6.0.37, 7.0.42, 7.0.47
>
> > I need TLSv1.2 support for tomcat
>
> That's available by default with current OpenSSL versions.
>
> > Also what will be the preferable connector settings ?
>
> Whatever you need them to be.  The values depend entirely on your
> applications and environment.
>
> > I am using following connector in Apache Tomcat/7.0.42
> > <Connector port="8443"
>  . . .
> >            sslEnabledProtocols="TLSv1.2"
>
> The above attribute is for the BIO and NIO connectors, not the APR one you
> are using.  You should instead specify:
>            SSLProtocol="TLSv1"
> if you want to eliminate SSLv3 (but your client might not like that).  You
> can also set SSLCipherSuite to avoid enabling insecure encryption
> mechanisms (see
> http://en.wikipedia.org/wiki/Transport_Layer_Security#Cipher).
>
> > An error occurred during a connection to confidential.com:8443. Cannot
> > communicate securely with peer: no common encryption algorithm(s).
>
> This means the client you're using and your build of OpenSSL have nothing
> in common.  Use Wireshark or tcpdump and determine just which protocols
> your client is attempting to negotiate with, and insure that those are
> enabled in your build of OpenSSL.
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-mail and
> its attachments from all computers.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message