tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: [OT] Tomcat 7.0.55/Jre 7u67: SEND TLSv1 ALERT: fatal, description = bad_record_mac
Date Tue, 13 Oct 2015 21:24:36 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

All,

On 10/13/15 5:08 PM, Christopher Schultz wrote:
> George and Aurélien,
> 
> On 10/13/15 5:06 PM, George Stanchev wrote:
>> Try the dropbox location in my prev messages. It contains a
>> sample echo server you can use to test. It is a Visual Studio
>> 2013 project. In case you don’t have that, I've uploaded x64
>> executables under SSLServer_executbale.zip. It is pretty much
>> self contained, it has the redist DLLs, the server cert, all...
> 
>> It eliminates the need of IIS as it does the same thing - accept
>>  connection, read payload, upgrade to 2 way ssl...
> 
>> It generates output like this [1]
> 
>> The line " Decrypt error from SCHANNEL, Client ID: 
>> a1cefeb8-bad3-4903-8dbe-fdea347f666e" is emitted when bad record 
>> mac is caught on the server side...
> 
> On 10/13/15 4:55 PM, Aurélien Terrestris wrote:
>> "How do you force Java 8 to use SSLv2Hello?"
> 
>> You can do this when writing your own Java client : calling the 
>> SSLSocketFactory to create an SSLSocket and configure with 
>> setEnabledProtocols (
> 
> https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLSocket.html
#s
>
> 
etEnabledProtocols-java.lang.String:A-
>> )
> 
>> If you have some IIS server on internet which reproduces the 
>> problem, I'll try with JTouch ( jtouch.sourceforge.net ) or write
>> a small client.
> 
> I've got a client already written. I'll post the latest code
> somewhere.

https://wiki.apache.org/tomcat/tools/SSLTest.java
and
https://wiki.apache.org/tomcat/tools/SSLUtils.java

This tool only performs the SSL handshake, so it doesn't do anything
at the HTTP level. It doesn't do client certificates; I'd be happy to
see someone add that capability and update the code on the Wiki.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJWHXaUAAoJEBzwKT+lPKRYTgcQAKdzEBtjLyCbkBBlJJObUxm0
dxAhLIFfBkcmo0IquMUJBnCHJ9hfuuhnXDvzLhvvAhfoiG8CkGfcjw79LwcL49iO
+eAuz1bycFvfSoVW+ZEPIXl13n4v+t2hBYfGJJgcYefOBJBfIGLHTazmi53F9vfn
zrnno6wRZkZ+JrFrzSlfMMvWnOE7Uv5ZDKw/8tv85ZTPuIIdIud8Uy0Z5J3HHgYx
t5WBL3JaqLcUihIUUuibSfmw27iyfKPv6OusoVPKc9pKb+uWoLftyE4d4btVTFEV
qDAdmW3XaA/1GHZ3n5szHND+EkdKkiiic7mHRgsN+4F/AH3KVoWs9+Qw9vOhO+da
XgeehuKB1nfnNrhI1n4eEoYC+P162GxVqNKIsKFat38BGEZlCRaAt8UtsfhE0AvO
2gaF1k1vyYcCoXhNYF9WQLatnx1MXeAZMYw3oAZPOusDoqtGElCJfYc1K8iJayEl
bBzYojkzLjFqPfJJ8tvCqBwkngNCw6MgyqVbYSMxDREQtZBa2xYGLHv9bWL0Kp+6
Q5Y3u4uks7OCGH+Usfvq82ZGnp6mnneA2jgAd0KWSJDjKcaNUWQVOirPVTFnpNmh
+dUZUM/gR1CIQHoiu8i8NH9qn2jtBtDvnYRWswzJlt9tOpaxPQWwdBL86gj4cWHp
aGwTUveYwOgLokoEUXHO
=Iha7
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message