Return-Path: 
 <dev-return-160548-apmail-tomcat-dev-archive=tomcat.apache.org@tomcat.apache.org>
X-Original-To: apmail-tomcat-dev-archive@www.apache.org
Delivered-To: apmail-tomcat-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 4C76D17EE4
	for <apmail-tomcat-dev-archive@www.apache.org>;
 Thu, 19 Mar 2015 19:23:41 +0000 (UTC)
Received: (qmail 3264 invoked by uid 500); 19 Mar 2015 19:23:40 -0000
Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org
Received: (qmail 3187 invoked by uid 500); 19 Mar 2015 19:23:40 -0000
Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@tomcat.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@tomcat.apache.org>
List-Post: <mailto:dev@tomcat.apache.org>
List-Id: <dev.tomcat.apache.org>
Reply-To: "Tomcat Developers List" <dev@tomcat.apache.org>
Delivered-To: mailing list dev@tomcat.apache.org
Received: (qmail 3177 invoked by uid 99); 19 Mar 2015 19:23:40 -0000
Received: from mail-relay.apache.org (HELO mail-relay.apache.org)
 (140.211.11.15)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 19 Mar 2015 19:23:40 +0000
Received: from asf-bz1-us-mid.priv.apache.org (nat1-us-mid.apache.org
 [23.253.172.122])
	by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with
 ESMTPS id 47FEF1A0396
	for <dev@tomcat.apache.org>; Thu, 19 Mar 2015 19:23:40 +0000 (UTC)
Received: by asf-bz1-us-mid.priv.apache.org (ASF Mail Server at
 asf-bz1-us-mid.priv.apache.org, from userid 33)
	id AB92B602CF; Thu, 19 Mar 2015 19:23:37 +0000 (UTC)
From: bugzilla@apache.org
To: dev@tomcat.apache.org
Subject: [Bug 57728] New: OpenSSL error 140A90A1 (no ciphers) on Tomcat
 6.0.43 with tcnative 1.1.32 and APR SSL connector
Date: Thu, 19 Mar 2015 19:23:37 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Tomcat 6
X-Bugzilla-Component: Native:Integration
X-Bugzilla-Version: 6.0.43
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: lscotte@gmail.com
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: dev@tomcat.apache.org
X-Bugzilla-Target-Milestone: default
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
Message-ID: <bug-57728-78@https.bz.apache.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bz.apache.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0

https://bz.apache.org/bugzilla/show_bug.cgi?id=57728

            Bug ID: 57728
           Summary: OpenSSL error 140A90A1 (no ciphers) on Tomcat 6.0.43
                    with tcnative 1.1.32 and APR SSL connector
           Product: Tomcat 6
           Version: 6.0.43
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Native:Integration
          Assignee: dev@tomcat.apache.org
          Reporter: lscotte@gmail.com

We are experiencing issues with Tomcat 6.0.43 that do not occur on Tomcat
7.0.59 with the exact same versions of tomcat-native (1.1.32) and apr (1.5.1)
and same Tomcat configuration.

When starting Tomcat, it throws the following exception (more complete logs,
stacktrace, and configuration below):

java.lang.Exception: Invalid Server SSL Protocol
(error:140A90A1:lib(20):func(169):reason(161))

This error means:
$ openssl errstr 140A90A1
error:140A90A1:SSL routines:SSL_CTX_new:library has no ciphers

I tried specifying explicit SSLProtocol and SSLCipherSuite to no avail. To be
sure that this was not caused by bugs in distribution patches (such as
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780447 which bit us on Tomcat
7.0.59), I compiled tomcat-native and libapr from latest Apache sources,
obtained directly from Apache mirrors.

More complete log and stacktrace:

Mar 19, 2015 6:56:12 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.32 using APR version
1.5.1.
Mar 19, 2015 6:56:12 PM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false],
random [true].
Mar 19, 2015 6:56:13 PM org.apache.coyote.http11.Http11AprProtocol init
SEVERE: Error initializing endpoint
java.lang.Exception: Invalid Server SSL Protocol
(error:140A90A1:lib(20):func(169):reason(161))
        at org.apache.tomcat.jni.SSLContext.make(Native Method)
        at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:779)
        at
org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:109)
        at
org.apache.catalina.connector.Connector.initialize(Connector.java:1123)
        at
org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
        at
org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)

Mar 19, 2015 6:56:13 PM org.apache.catalina.core.StandardService initialize
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-7102]]
LifecycleException:  Protocol handler initialization failed:
java.lang.Exception: Invalid Server SSL Protocol
(error:140A90A1:lib(20):func(169):reason(161))
        at
org.apache.catalina.connector.Connector.initialize(Connector.java:1125)
        at
org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
        at
org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)

Relevant Tomcat configuration:

      <Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" />

      <Connector port="7102"
                 maxThreads="200"
                 protocol="org.apache.coyote.http11.Http11AprProtocol"
                 scheme="https"
                 secure="true"
                 SSLEnabled="true"
                 SSLCertificateFile="${catalina.base}/sslcerts/test-cert.pem"
                 SSLCertificateKeyFile="${catalina.base}/sslcerts/test-key.pem"
                 SSLVerifyClient="optional"/>

Host is Ubuntu Trusty 14.04 with libssl 1.0.1f-1ubuntu2.8, Java is build
1.7.0_55-b13.

Again, this same exact configuration, on the same system, with the same
libraries, starts just fine with Tomcat 7.0.59, and worked fine on Tomcat
6.0.37 with tomcat-native 1.1.29 and libapr 1.5.0. Note we have some
applications which still require Tomcat 6 or we would simply do the obvious and
migrate to Tomcat 7 or 8.

Let me know if there's any additional information I can provide.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org