tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: [OT] Tomcat 7.0.55/Jre 7u67: SEND TLSv1 ALERT: fatal, description = bad_record_mac
Date Tue, 13 Oct 2015 21:08:29 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

George and Aurélien,

On 10/13/15 5:06 PM, George Stanchev wrote:
> Try the dropbox location in my prev messages. It contains a sample 
> echo server you can use to test. It is a Visual Studio 2013
> project. In case you don’t have that, I've uploaded x64 executables
> under SSLServer_executbale.zip. It is pretty much self contained,
> it has the redist DLLs, the server cert, all...
> 
> It eliminates the need of IIS as it does the same thing - accept 
> connection, read payload, upgrade to 2 way ssl...
> 
> It generates output like this [1]
> 
> The line " Decrypt error from SCHANNEL, Client ID: 
> a1cefeb8-bad3-4903-8dbe-fdea347f666e" is emitted when bad record
> mac is caught on the server side...

On 10/13/15 4:55 PM, Aurélien Terrestris wrote:
> "How do you force Java 8 to use SSLv2Hello?"
> 
> You can do this when writing your own Java client : calling the 
> SSLSocketFactory to create an SSLSocket and configure with 
> setEnabledProtocols (
> 
https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLSocket.html#s
etEnabledProtocols-java.lang.String:A-
> )
> 
> If you have some IIS server on internet which reproduces the
> problem, I'll try with JTouch ( jtouch.sourceforge.net ) or write a
> small client.

I've got a client already written. I'll post the latest code somewhere.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJWHXLNAAoJEBzwKT+lPKRYCp4P+wZX2tiJ41FlRIYSK1sf7kAl
0yBJiFGDChNa8+zYvs5WYGcOFCQmBHXHepJTi7Zff3G0NrRcgEAS/Yo9yUjSFPBJ
R0kRoIUAwdeU882lhCkRulC8SyJZv6jq13NqUjYO9J4GACf58rweFfZcF5o/5RL8
rZ7ZSgXNj/VyXIilOKuZ3Ak6262X7qLnlhnSnXImSfZJND2PKf0l05cL4jrObtaA
mqWv/zuGdDfRKJgBWMo9oHxjGfe+c9NDIm18uFUf23hMbuX9bJImQ+LLAXgibUTk
eRuqr1igjAqqqnVPowDOLX/CKH7ikQ+ZygPvzFvztjeEXC4IhBj8hC/LjPG7tkfl
XNZVD0K1ryni0f/qWvyTL5MHGiJX1+zS6VFm3cYTif+FREvg1P4eGxAFIFwAHQgm
2Yz3N1+r8qJHnVSjQoDlbjPcB9ba2xDg+gMyryDTx0Zxc83qzVOfOdcMuHWgwqTD
5b9KlzdqLzhh7mXj9L5/+L2EomsehWayzM4PLv31QVrv1UzR3vA/6L64Pwe0n512
9VdDMgk3qX54RHetxpE63JYl9EtmWVaE1GxOb/ar1kPi4h08TTTvs2Vtxk3i+F8Y
sv1KLziEW1MsQg1l8Nvn++5GoLhTNJapra3FYBkpitK3AMObip3G7hOPIqdu/C8P
HtBxh5fmOEqYmDC2UB5c
=3OPW
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message