Return-Path: X-Original-To: apmail-tomcat-users-archive@www.apache.org Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 8CA1E18EC9 for ; Tue, 13 Oct 2015 21:09:00 +0000 (UTC) Received: (qmail 16581 invoked by uid 500); 13 Oct 2015 21:08:58 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 16521 invoked by uid 500); 13 Oct 2015 21:08:58 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 16510 invoked by uid 99); 13 Oct 2015 21:08:58 -0000 Received: from Unknown (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 Oct 2015 21:08:58 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 892D3C5DB5 for ; Tue, 13 Oct 2015 21:08:57 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.001 X-Spam-Level: * X-Spam-Status: No, score=1.001 tagged_above=-999 required=6.31 tests=[KAM_LAZY_DOMAIN_SECURITY=1, URIBL_BLOCKED=0.001] autolearn=disabled Received: from mx1-us-west.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id xDU91q2g7bas for ; Tue, 13 Oct 2015 21:08:45 +0000 (UTC) Received: from vms173021pub.verizon.net (vms173021pub.verizon.net [206.46.173.21]) by mx1-us-west.apache.org (ASF Mail Server at mx1-us-west.apache.org) with ESMTPS id 4E52D2102B for ; Tue, 13 Oct 2015 21:08:45 +0000 (UTC) MIME-version: 1.0 Content-transfer-encoding: 8BIT Content-type: text/plain; charset=utf-8 Received: from Christophers-MacBook-Pro.local ([71.127.40.115]) by vms173021.mailsrvcs.net (Oracle Communications Messaging Server 7.0.5.32.0 64bit (built Jul 16 2014)) with ESMTPA id <0NW6008UUG259Y20@vms173021.mailsrvcs.net> for users@tomcat.apache.org; Tue, 13 Oct 2015 16:08:29 -0500 (CDT) X-CMAE-Score: 0 X-CMAE-Analysis: v=2.1 cv=WcjxEBVX c=1 sm=1 tr=0 a=tVXBnewmVzifmTgg5+7jYA==:117 a=-57I09spAAAA:8 a=oR5dmqMzAAAA:8 a=IkcTkHD0fZMA:10 a=5lJygRwiOn0A:10 a=yPCof4ZbAAAA:8 a=FP58Ms26AAAA:8 a=j4nzMFrpAAAA:8 a=Je9RX-fyTKsfir1j9N8A:9 a=QEXdDO2ut3YA:10 a=qh8BtrUG0gIA:10 Subject: Re: [OT] Tomcat 7.0.55/Jre 7u67: SEND TLSv1 ALERT: fatal, description = bad_record_mac To: Tomcat Users List References: <55E0BA68.9090800@christopherschultz.net> <55E48B9D.5040102@christopherschultz.net> <561D0A37.6080906@christopherschultz.net> <561D636E.7070805@christopherschultz.net> From: Christopher Schultz Message-id: <561D72CD.1010608@christopherschultz.net> Date: Tue, 13 Oct 2015 17:08:29 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 In-reply-to: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 George and Aurélien, On 10/13/15 5:06 PM, George Stanchev wrote: > Try the dropbox location in my prev messages. It contains a sample > echo server you can use to test. It is a Visual Studio 2013 > project. In case you don’t have that, I've uploaded x64 executables > under SSLServer_executbale.zip. It is pretty much self contained, > it has the redist DLLs, the server cert, all... > > It eliminates the need of IIS as it does the same thing - accept > connection, read payload, upgrade to 2 way ssl... > > It generates output like this [1] > > The line " Decrypt error from SCHANNEL, Client ID: > a1cefeb8-bad3-4903-8dbe-fdea347f666e" is emitted when bad record > mac is caught on the server side... On 10/13/15 4:55 PM, Aurélien Terrestris wrote: > "How do you force Java 8 to use SSLv2Hello?" > > You can do this when writing your own Java client : calling the > SSLSocketFactory to create an SSLSocket and configure with > setEnabledProtocols ( > https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLSocket.html#s etEnabledProtocols-java.lang.String:A- > ) > > If you have some IIS server on internet which reproduces the > problem, I'll try with JTouch ( jtouch.sourceforge.net ) or write a > small client. I've got a client already written. I'll post the latest code somewhere. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWHXLNAAoJEBzwKT+lPKRYCp4P+wZX2tiJ41FlRIYSK1sf7kAl 0yBJiFGDChNa8+zYvs5WYGcOFCQmBHXHepJTi7Zff3G0NrRcgEAS/Yo9yUjSFPBJ R0kRoIUAwdeU882lhCkRulC8SyJZv6jq13NqUjYO9J4GACf58rweFfZcF5o/5RL8 rZ7ZSgXNj/VyXIilOKuZ3Ak6262X7qLnlhnSnXImSfZJND2PKf0l05cL4jrObtaA mqWv/zuGdDfRKJgBWMo9oHxjGfe+c9NDIm18uFUf23hMbuX9bJImQ+LLAXgibUTk eRuqr1igjAqqqnVPowDOLX/CKH7ikQ+ZygPvzFvztjeEXC4IhBj8hC/LjPG7tkfl XNZVD0K1ryni0f/qWvyTL5MHGiJX1+zS6VFm3cYTif+FREvg1P4eGxAFIFwAHQgm 2Yz3N1+r8qJHnVSjQoDlbjPcB9ba2xDg+gMyryDTx0Zxc83qzVOfOdcMuHWgwqTD 5b9KlzdqLzhh7mXj9L5/+L2EomsehWayzM4PLv31QVrv1UzR3vA/6L64Pwe0n512 9VdDMgk3qX54RHetxpE63JYl9EtmWVaE1GxOb/ar1kPi4h08TTTvs2Vtxk3i+F8Y sv1KLziEW1MsQg1l8Nvn++5GoLhTNJapra3FYBkpitK3AMObip3G7hOPIqdu/C8P HtBxh5fmOEqYmDC2UB5c =3OPW -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org