tomcat-users mailing list archives

From Mudassir Aftab <withmudas...@gmail.com>
Subject Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47
Date Fri, 03 Jan 2014 14:55:31 GMT
Also, the following setting is working for TLS v1 but not with TLS v1.2, so it's
a bug !!! ....



<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           maxThreads="200"
           clientAuth="false"
           scheme="https" secure="true" SSLEnabled="true"
           SSLCertificateFile="/home/mudassir/certs/ca.pem"
           SSLCertificateKeyFile="/home/mudassir/certs/k.key" />



On Fri, Jan 3, 2014 at 6:56 PM, Mudassir Aftab <withmudassir@gmail.com> wrote:

> Hi,
>
> That was just a typo error, but on the system it is fine, and I keep checking
> the logs; there is no warning in them.
>
> Also, what about the following post?
>
>
> I also just took an interest in digging into this issue.
>
> The document which you were referring to,
> http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native,
> clearly states that only SSLv2, SSLv3, TLSv1 are supported by the SSLProtocol
> attribute.
>
> SSLCipherSuite will only support ciphers available in SSLv2, SSLv3,
> TLSv1.
>
> TLSv1.1 and TLSv1.2 supported ciphers can't be invoked until TLSv1.1 and
> TLSv1.2 are enabled. See the supported cipher list for TLSv1.2 at the OpenSSL
> link: http://www.openssl.org/docs/apps/ciphers.html#TLS_v1_2_cipher_suites
>
> I am happy to see if someone enabled the ciphers below without enabling
> TLSv1.2.
>
>  TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256    ECDH-ECDSA-AES128-SHA256
>  TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384    ECDH-ECDSA-AES256-SHA384
>  TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256    ECDH-ECDSA-AES128-GCM-SHA256
>  TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384    ECDH-ECDSA-AES256-GCM-SHA384
>
>
>
>
> On Fri, Jan 3, 2014 at 6:00 PM, David kerber <dckerber@verizon.net> wrote:
>
>> On 1/3/2014 3:28 AM, Mudassir Aftab wrote:
>>
>>> Hi,
>>>
>>> Sorry for asking you the same thing again and again. I have tried many things
>>> from the above document, but nothing works for me; also, no errors in the log.
>>>
>>>     <Connector port="8443"
>>>             protocol="org.apache.coyote.http11.Http11AprProtocol"
>>>             maxThreads="200"
>>>             clientAuth="false"
>>>             ciphers="ECDH-ECDSA-AES128-GCM-SHA256"
>>>             scheme="https" secure="true" SSLEnabled="true"
>>>             SSLCertificateFile="/home/mudassir/pay/p.pem"
>>>             SSLCertificateKeyFile="/home/mudassir/p-key.pem"
>>>             SSLCACertificateFile="/home/mudassir/AdminCA1.pem" />
>>>
>>>    SSCipherSuit="ECDH-ECDSA-AES128-GCM-SHA256"
>>>
>>> I really appreciate your help
>>>
>>>
>> If what you list here is what is really in your config file, you're not
>> proofreading your configuration entries very well.  You have SSLCipherSuite
>> misspelled (two missing letters), and it's not inside the connector
>> configuration entry.
>
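
The two mistakes David Kerber points out in the quoted configuration (a misspelled SSLCipherSuite and a setting placed outside the Connector element) can be caught before Tomcat is started. The following is an added example, not part of the original thread or of Tomcat: the function name, finding labels and sample paths are assumptions, and the attribute list is the APR/native SSL attribute set from the Tomcat 7 connector documentation and should be checked against the version in use.

```python
import difflib
import re
import xml.etree.ElementTree as ET

# SSL attributes of the APR/native connector (Tomcat 7 docs; verify per version).
APR_SSL_ATTRS = sorted({
    "SSLEnabled", "SSLProtocol", "SSLCipherSuite", "SSLCertificateFile",
    "SSLCertificateKeyFile", "SSLCertificateChainFile", "SSLPassword",
    "SSLCACertificateFile", "SSLCACertificatePath", "SSLCARevocationFile",
    "SSLCARevocationPath", "SSLVerifyClient", "SSLVerifyDepth",
    "SSLHonorCipherOrder", "SSLDisableCompression",
})
# JSSE (BIO/NIO) connector attribute -> APR attribute that does the same job.
JSSE_TO_APR = {"ciphers": "SSLCipherSuite"}
STRAY_ATTR = re.compile(r'(\w+)\s*=\s*"[^"]*"')

def _closest(name):
    hits = difflib.get_close_matches(name, APR_SSL_ATTRS, n=1, cutoff=0.8)
    return hits[0] if hits else None

def lint_apr_connectors(xml_text):
    """Return (kind, name, suggestion) findings for every APR <Connector>."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if not conn.get("protocol", "").endswith("Http11AprProtocol"):
            continue
        for name in conn.attrib:
            if name in APR_SSL_ATTRS:
                continue
            if name in JSSE_TO_APR:
                findings.append(("jsse-attribute", name, JSSE_TO_APR[name]))
            elif _closest(name):
                findings.append(("misspelled", name, _closest(name)))
        # Text after the closing "/>" is character data, not configuration.
        for m in STRAY_ATTR.finditer(conn.tail or ""):
            findings.append(("outside-connector", m.group(1), _closest(m.group(1))))
    return findings

# Constructed sample modelled on the quoted configuration; paths are placeholders.
SAMPLE = """<Service name="Catalina">
  <Connector port="8443"
             protocol="org.apache.coyote.http11.Http11AprProtocol"
             ciphers="ECDH-ECDSA-AES128-GCM-SHA256"
             scheme="https" secure="true" SSLEnabled="true"
             SSLCertificateFile="/path/to/cert.pem"
             SSLCertificateKeyFile="/path/to/key.pem" />
  SSCipherSuit="ECDH-ECDSA-AES128-GCM-SHA256"
</Service>"""

if __name__ == "__main__":
    for finding in lint_apr_connectors(SAMPLE):
        print(finding)
```

On the sample, the checker reports the JSSE-style `ciphers` attribute and the stray `SSCipherSuit` text; neither of them sets the APR connector's cipher list.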
