tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: ERR_SSL_PROTOCOL_ERROR
Date Fri, 06 Nov 2015 16:07:00 GMT
Brajesh,

On 11/6/15 1:44 AM, Brajesh Patel wrote:
> We are getting "ERR_SSL_PROTOCOL_ERROR" error while hitting any request
> from browser following configuration we have:
> 
> Tomcat:5.5
> 
>          <property name="clientAuth" value="false"/>
>             <property name="keystoreFile" value="file ofbizssl.jks"/>
>             <property name="keystorePass" value="changeit"/>
>             <property name="keystoreType" value="JKS"/>
>             <property name="sslProtocol" value="TLS"/>
>             <property name="ciphers"
> value="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV"/>
> 
> Please suggest us.

A few things:

1. Tomcat 5.5 is no longer supported. Consider an upgrade to a later
version. Tomcat 8.0.28 is the most recent version.

2. SSL protocol error is almost certainly caused by trying to use an
SSLv3 client with a TLS-only server (or vice-versa). The server or the
client might have been updated without you realizing it. Recent versions
of the Java JVM have SSLv3 explicitly disabled and you'd need additional
configuration to re-enable it.

Can you connect to your server using the "openssl s_client" command? You
may have to use the "-ssl3" or "-tls1" switches to be able to connect.

-chris
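
The `openssl s_client` check suggested above can be scripted to try each protocol switch in turn; this is an added example, not part of the original message. It assumes a placeholder `host:port` target passed as the first argument, adds the `-tls1_1` and `-tls1_2` switches to the two named in the mail, and uses constructed sample output when run without a target.

```shell
#!/usr/bin/env bash
# Added example (not from the original thread): check which protocol versions
# a TLS endpoint negotiates, using the "openssl s_client" switches named above.

# Classify "openssl s_client" output read from stdin.
# Prints "ok <protocol>" if a cipher suite was negotiated, otherwise "fail".
classify_handshake() {
    local out proto
    out=$(cat)
    # A failed handshake is reported as "Cipher is (NONE)".
    if printf '%s\n' "$out" | grep -q 'Cipher is (NONE)'; then
        echo "fail"
    elif printf '%s\n' "$out" | grep -q 'Cipher is '; then
        proto=$(printf '%s\n' "$out" | sed -n 's/^ *Protocol *: *//p' | head -n 1)
        echo "ok ${proto:-unknown}"
    else
        echo "fail"   # no handshake summary at all (refused, timeout, bad option)
    fi
}

# Try each protocol switch against host:port and print one result line per switch.
# -tls1_1 and -tls1_2 are extra switches beyond the two named in the mail.
probe_all() {
    local target=$1 flag result
    for flag in -ssl3 -tls1 -tls1_1 -tls1_2; do
        # Skip switches the local openssl build does not offer (often -ssl3).
        if ! openssl s_client -help 2>&1 | grep -q -e "^ *${flag}[[:space:]]"; then
            printf '%-8s not available in the local openssl build\n' "$flag"
            continue
        fi
        result=$(openssl s_client -connect "$target" "$flag" </dev/null 2>&1 | classify_handshake)
        printf '%-8s %s\n' "$flag" "$result"
    done
}

# Constructed sample outputs (trimmed), used when no target is given.
SAMPLE_OK='New, TLSv1/SSLv3, Cipher is AES128-SHA
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES128-SHA'
SAMPLE_FAIL='New, (NONE), Cipher is (NONE)'

if [ "$#" -gt 0 ]; then
    probe_all "$1"          # placeholder target, e.g. localhost:8443
else
    printf '%s\n' "$SAMPLE_OK"   | classify_handshake   # ok TLSv1
    printf '%s\n' "$SAMPLE_FAIL" | classify_handshake   # fail
fi
```

A switch that reports `ok` while the others report `fail` shows which protocol version the server side is limited to.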
