tomcat-users mailing list archives

From Mudassir Aftab <withmudas...@gmail.com>
Subject Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47
Date Fri, 03 Jan 2014 00:24:18 GMT
I have also tried to apply the following patch in tomcat native but it did not
help.

https://issues.apache.org/bugzilla/attachment.cgi?id=30150

tomcat-native-1.1.29-src.tar.gz


On Fri, Jan 3, 2014 at 5:21 AM, Mudassir Aftab <withmudassir@gmail.com> wrote:

> Hi ,
>
> Thanks for the reply,
>
> I am using the following environment
>
> Description:    Ubuntu 12.04.3 LTS
> javac 1.7.0_45
> apache-tomcat-7.0.42.tar.gz
> apr-1.5.0.tar.gz
> tomcat-native-1.1.29-src.tar.gz
> openssl 1.0.1-4ubuntu5.10
>
> and this is how I am configuring Tomcat Native
>
> ./configure --with-apr=/usr/local/apr/bin/apr-1-config
> --with-java-home=$JAVA_HOME --with-ssl=yes --prefix=$CATALINA_HOME
>
> export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/opt/tomcat7/lib"
>
> Server.xml:
>
>    <Connector port="8443"  protocol="HTTP/1.1"
>            maxThreads="200"
>             sslProtocol="TLSv1" sslEnabledProtocols="TLSv1.2"
>            clientAuth="false"
>
>            scheme="https" secure="true" SSLEnabled="true"
>            SSLCertificateFile="/home/mudassir/cert.pem"
>            SSLCertificateKeyFile="/home/mudassir/cert-key.pem"
>            SSLCACertificateFile="/home/mudassir/CA.pem" />
>
> Regards,
> Mudassir Aftab
>
>
>
> On Fri, Jan 3, 2014 at 2:28 AM, Caldarale, Charles R <
> Chuck.Caldarale@unisys.com> wrote:
>
>> > From: Mudassir Aftab [mailto:withmudassir@gmail.com]
>> > Subject: TLS is not working in 6.0.37, 7.0.42, 7.0.47
>>
>> > I need TLSv1.2 support for tomcat
>>
>> That's available by default with current OpenSSL versions.
>>
>> > Also what will be the preferable connector settings ?
>>
>> Whatever you need them to be.  The values depend entirely on your
>> applications and environment.
>>
>> > I am using following connector in Apache Tomcat/7.0.42
>> > <Connector port="8443"
>>  . . .
>> >            sslEnabledProtocols="TLSv1.2"
>>
>> The above attribute is for the BIO and NIO connectors, not the APR one
>> you are using.  You should instead specify:
>>            SSLProtocol="TLSv1"
>> if you want to eliminate SSLv3 (but your client might not like that).
>>  You can also set SSLCipherSuite to avoid enabling insecure encryption
>> mechanisms (see
>> http://en.wikipedia.org/wiki/Transport_Layer_Security#Cipher).
>>
>> > An error occurred during a connection to confidential.com:8443. Cannot
>> > communicate securely with peer: no common encryption algorithm(s).
>>
>> This means the client you're using and your build of OpenSSL have nothing
>> in common.  Use Wireshark or tcpdump and determine just which protocols
>> your client is attempting to negotiate with, and ensure that those are
>> enabled in your build of OpenSSL.
>>
>>  - Chuck
>
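
A check for the attribute mix-up pointed out in the quoted reply (BIO/NIO attributes such as `sslEnabledProtocols` on a connector that carries APR-style `SSL*` attributes), as an added example that is not part of the thread or of Tomcat itself. The attribute sets are a partial list and the `uses_apr` heuristic is an assumption; the sample inputs are constructed from the connector shown in the post.

```python
import xml.etree.ElementTree as ET

# Case-sensitive attribute names; a subset chosen for this example (assumption:
# Tomcat 7 naming, where lower-camel names are JSSE and "SSL*" names are APR).
JSSE_ONLY = {"sslProtocol", "sslEnabledProtocols", "ciphers", "keystoreFile", "keystorePass"}
APR_ONLY = {"SSLProtocol", "SSLCipherSuite", "SSLCertificateFile",
            "SSLCertificateKeyFile", "SSLCACertificateFile"}

def lint_connectors(server_xml):
    """Return (port, message) findings for SSL connectors that mix attribute styles."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port", "?")
        proto = conn.get("protocol", "HTTP/1.1")
        jsse = sorted(JSSE_ONLY & set(conn.attrib))
        apr = sorted(APR_ONLY & set(conn.attrib))
        # Heuristic: an explicit Apr protocol class, or the auto-selecting
        # "HTTP/1.1" protocol combined with APR-style attributes.
        uses_apr = "Apr" in proto or (proto == "HTTP/1.1" and bool(apr))
        if uses_apr and jsse:
            findings.append((port, "BIO/NIO attributes on APR connector: " + ", ".join(jsse)))
        if uses_apr and "SSLProtocol" not in conn.attrib:
            findings.append((port, "SSLProtocol not set on APR connector"))
        if not uses_apr and apr:
            findings.append((port, "APR attributes on BIO/NIO connector: " + ", ".join(apr)))
    return findings

# Constructed input: the connector from the post, wrapped in minimal parent elements.
POSTED = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="HTTP/1.1" maxThreads="200"
             sslProtocol="TLSv1" sslEnabledProtocols="TLSv1.2" clientAuth="false"
             scheme="https" secure="true" SSLEnabled="true"
             SSLCertificateFile="/home/mudassir/cert.pem"
             SSLCertificateKeyFile="/home/mudassir/cert-key.pem"
             SSLCACertificateFile="/home/mudassir/CA.pem" />
</Service></Server>"""

# Constructed input: same connector using the APR attribute named in the reply.
REVISED = POSTED.replace('sslProtocol="TLSv1" sslEnabledProtocols="TLSv1.2"',
                         'SSLProtocol="TLSv1"')

if __name__ == "__main__":
    for label, xml in (("posted", POSTED), ("revised", REVISED)):
        print(label, lint_connectors(xml) or "no findings")
```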
