tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: TLSv1.2 ALERT: fatal, description = unexpected_message
Date Mon, 06 Jun 2016 19:05:30 GMT
Hash: SHA1


On 6/5/16 1:45 PM, Venkata Reddy P wrote:
> My current ssl errors are getting only for IE and google chrome 
> browsers.  The same application is working well for the Firefox 
> that's the reason can't suspect the SSL implementation.

I disagree with your assumption here that Firefox and MSIE/Chrome all
work the same way when it comes to TLS. Perhaps MSIE/Chrome use a
particular TLS extension that Firefox does not. Perhaps there is a
cipher suite in the list from MSIE/Chrome that is not in Firefox (or

> I have also tried with OpenSSL client and confirms the nothing
> wrong with ssl implementation. The same ssl implantation have been
> using from tomcat4 onwards and the same implementation has been
> injected as per the tomcat8 connectors.

Lots of changes have occurred within the Tomcat Connector code between
Tomcat 4 and Tomcat 8. The same implementation can not be successfully
re-used across those versions.

Perhaps if you shared some of the code, we could help debug it. If
not, you will have to debug your own code by yourself.

- -chris

> -----Original Message----- From: Mark Thomas
> [] Sent: 05 June 2016 22:23 To: Tomcat Users
> List Subject: Re: TLSv1.2 ALERT: fatal, description =
> unexpected_message
> On 05/06/2016 16:32, Venkata Reddy P wrote:
>> Hi,
>> I have a setup with Tomcat8.0.33,jre8u91 and with ssl enabled
>> with http connector. <Connector SSLEnabled="true"
>> acceptCount="100" address="" connectionTimeout="-1" 
>> disableUploadTimeout="true" enableLookups="false" 
>> maxHttpHeaderSize="8192" maxThreads="500" port="50002" 
>> protocol="com.poc.tomcat8.SSLHttp11Protocol" scheme="https"
>> secure="true" />
>> Most of the application works on ssl without any issues but while
>> downloading JS,CSS files seems to be failing. I can't suspect the
>> ssl implementation.
> Why not? We haven't seen any reports from users using the default
> TLS implementation. You are using a custom TLS implementation any
> you are seeing errors. Absent some VERY strong evidence this is a
> Tomcat bug, all the indications are that the bug is in
> com.poc.tomcat8.SSLHttp11Protocol
> Mark
> ---------------------------------------------------------------------
To unsubscribe, e-mail:
> For additional commands, e-mail:
> ---------------------------------------------------------------------
To unsubscribe, e-mail:
> For additional commands, e-mail:
Comment: GPGTools -
Comment: Using GnuPG with Thunderbird -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message