tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brajesh Patel <brajeshpate...@gmail.com>
Subject Re: ERR_SSL_PROTOCOL_ERROR
Date Fri, 06 Nov 2015 17:53:22 GMT
Hi chris,

Thanks for your reply, yes we are on too old version of tomcat , issue was
occur because infra team updated java version .

sent from YU
On Nov 6, 2015 9:37 PM, "Christopher Schultz" <chris@christopherschultz.net>
wrote:

> Brajesh,
>
> On 11/6/15 1:44 AM, Brajesh Patel wrote:
> > We are getting "ERR_SSL_PROTOCOL_ERROR" error while hitting any request
> > from browser following configuration we have:
> >
> > Tomcat:5.5
> >
> >          <property name="clientAuth" value="false"/>
> >             <property name="keystoreFile" value="file ofbizssl.jks"/>
> >             <property name="keystorePass" value="changeit"/>
> >             <property name="keystoreType" value="JKS"/>
> >             <property name="sslProtocol" value="TLS"/>
> >             <property name="ciphers"
> >
> value="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV"/>
> >
> > Please suggest us.
>
> A few things:
>
> 1. Tomcat 5.5 is no longer supported. Consider an upgrade to a later
> version. Tomcat 8.0.28 is the most recent version.
>
> 2. SSL protocol error is almost certainly caused by trying to use an
> SSLv3 client with a TLS-only server (or vice-versa). The server or the
> client might have been updated without you realizing it. Recent versions
> of the Java JVM have SSLv3 explicitly disabled and you'd need additional
> configuration to re-enable it.
>
> Can you connect to your server using the "openssl s_client" command? You
> may have to use the "-ssl3" or "-tls1" switches to be able to connect.
>
> -chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message