Subject: Re: ERR_SSL_PROTOCOL_ERROR
To: Tomcat Users List
From: Christopher Schultz
Message-id: <563CD024.802@christopherschultz.net>
Date: Fri, 06 Nov 2015 11:07:00 -0500

Brajesh,

On 11/6/15 1:44 AM, Brajesh Patel wrote:
> We are getting "ERR_SSL_PROTOCOL_ERROR" error while hitting any request
> from browser following configuration we have:
>
> Tomcat:5.5
>
> value="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV"/>
>
> Please suggest us.

A few things:

1. Tomcat 5.5 is no longer supported. Consider an upgrade to a later
   version. Tomcat 8.0.28 is the most recent version.

2. SSL protocol error is almost certainly caused by trying to use an
   SSLv3 client with a TLS-only server (or vice-versa). The server or
   the client might have been updated without you realizing it.
   Recent versions of the Java JVM have SSLv3 explicitly disabled and
   you'd need additional configuration to re-enable it.

Can you connect to your server using the "openssl s_client" command? You
may have to use the "-ssl3" or "-tls1" switches to be able to connect.

-chris
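A server-side counterpart to the s_client test in the reply above, as an added example that is not part of the original message: run it with the same JVM that runs Tomcat to see which protocols that JVM offers and whether a connector's cipher names exist in it. The class name JsseTlsCheck, the helper unsupported() and the default cipher string are assumptions made for this example.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

public class JsseTlsCheck {
    // Returns the configured suite names that this JVM's JSSE provider does not implement.
    static List<String> unsupported(String csv, Set<String> supported) {
        List<String> missing = new ArrayList<>();
        for (String name : csv.split(",")) {
            String n = name.trim();
            if (!n.isEmpty() && !supported.contains(n)) missing.add(n);
        }
        return missing;
    }

    public static void main(String[] args) throws Exception {
        // Pass the connector's cipher list as the first argument.
        // The default below is a constructed sample, not a recommendation.
        String ciphers = args.length > 0 ? args[0]
            : "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_3DES_EDE_CBC_SHA";

        SSLContext ctx = SSLContext.getDefault();
        SSLParameters supported = ctx.getSupportedSSLParameters();
        SSLParameters enabled = ctx.getDefaultSSLParameters();

        System.out.println("java.version       : " + System.getProperty("java.version"));
        System.out.println("supported protocols: " + Arrays.toString(supported.getProtocols()));
        System.out.println("enabled by default : " + Arrays.toString(enabled.getProtocols()));

        // A protocol named in this security property is refused during the
        // handshake even when a connector asks for it explicitly.
        System.out.println("jdk.tls.disabledAlgorithms: "
            + Security.getProperty("jdk.tls.disabledAlgorithms"));

        boolean sslv3 = Arrays.asList(enabled.getProtocols()).contains("SSLv3");
        System.out.println("SSLv3 enabled by default: " + sslv3);

        Set<String> suites = new HashSet<>(Arrays.asList(supported.getCipherSuites()));
        System.out.println("configured but unsupported: " + unsupported(ciphers, suites));
    }
}
```

If the enabled list contains no protocol that the browser also offers, or every configured suite is reported as unsupported, the handshake cannot complete.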