After getting the various pieces to work piecemeal in a development
environment I am trying to integrate in a production environment and
running into the above problem.

Here are the pieces, all on CentOS 6.4 with Java 7:

   - Apache HTTPD running a single virtual host that runs a WordPress
   website. Uses a commercial SSL certificate
   - Tomcat 7, SSL self-signed on port 8443 with the following web
   applications:
      - CAS
      - CH, a line-of-business monitoring application.

The WordPress site virtual host's httpd configuration uses mod_proxy to
proxy CAS and CH requests to Tomcat. Before introducing CAS I can get to
each application without issue:

   - CAS at http://portal.acmeinc.com/CAS/*
   - CH at http://portal.acmeinc.com/CH/*
   - Wordpress at http://portal.acmeinc.com/*

I've set up my keystore and truststore correctly, I believe.

I can log in successfully to CAS, e.g. to:
http://portal.acmeinc.com/cas/services

I've turned on SSL debugging per this guide:
https://wiki.jasig.org/display/casum/ssl+troubleshooting+and+reference+guide

When I try http://portal.acmeinc.com/CH/index.jsp I end up getting the
above exception. Here is the output of the log.

2014-02-04 21:41:06,469 INFO
[org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 4 services.>
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
http-bio-8443-Acceptor-0, setSoTimeout(60000) called
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for
SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for
SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for
SSLv2Hello
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for
SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for
SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for
TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for
TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for
TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for
TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for
TLSv1.1
http-bio-8443-exec-1, handling exception: javax.net.ssl.SSLException:
Unrecognized SSL message, plaintext connection?
http-bio-8443-exec-1, SEND TLSv1 ALERT:  fatal, description =
unexpected_message
http-bio-8443-exec-1, WRITE: TLSv1 Alert, length = 2
http-bio-8443-exec-1, called closeSocket()
http-bio-8443-exec-1, IOException in getSession():
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
http-bio-8443-exec-1, called close()
http-bio-8443-exec-1, called closeInternal(true)
2014-02-04 21:43:06,438 INFO
[org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered
services.>

Also, the browser I'm using attempts to download the file, which is only
six control characters:
NAK ETX SOH NUL STX STX

Any ideas or hints on solving this are appreciated.

Thank you - Richard

-- 
Richard Mixon
Custom Computer Creations, L.L.C.
mobile: (480) 577-6834 office: (480) 614-3442
email: rnmi...@custco.biz <mailto:rnmi...@custco.biz>
Microsoft Partner ID: 1263725
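
Added example, not part of the original post: the six control characters the browser saved can be read as a TLS record, and this Python sketch decodes them and checks whether a peer's first bytes look like TLS at all. The listed bytes decode to the start of the same TLSv1 fatal alert that the debug log shows Tomcat writing; the seventh byte (0x0A, unexpected_message, which is also a line feed) is an assumption taken from the log's "length = 2", and the sample HTTP request is constructed.

```python
import struct

# C0 control-character names as written in the post, plus LF.
C0 = {"NUL": 0x00, "SOH": 0x01, "STX": 0x02, "ETX": 0x03, "LF": 0x0A, "NAK": 0x15}
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake",
                 23: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Subset of the alert descriptions defined in the TLS RFCs.
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      20: "bad_record_mac", 40: "handshake_failure",
                      70: "protocol_version"}


def names_to_bytes(names):
    """Turn 'NAK ETX ...' into the raw bytes those names stand for."""
    return bytes(C0[n] for n in names.split())


def decode_record(data):
    """Decode one TLS record header and, for alerts, the alert body."""
    if len(data) < 5:
        raise ValueError("a TLS record header is 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    body = data[5:5 + length]
    rec = {
        "type": CONTENT_TYPES.get(ctype, "unknown(%d)" % ctype),
        "version": VERSIONS.get((major, minor), "unknown(%d.%d)" % (major, minor)),
        "length": length,
        "truncated": len(body) < length,  # fewer body bytes than the header claims
    }
    if ctype == 21:
        rec["level"] = ALERT_LEVELS.get(body[0]) if len(body) > 0 else None
        rec["description"] = ALERT_DESCRIPTIONS.get(body[1]) if len(body) > 1 else None
    return rec


def looks_like_tls(first_bytes):
    """True if the bytes start like a TLS record rather than e.g. 'GET / HTTP/1.1'."""
    return (len(first_bytes) >= 3 and first_bytes[0] in CONTENT_TYPES
            and first_bytes[1] == 3 and first_bytes[2] <= 4)


if __name__ == "__main__":
    seen = names_to_bytes("NAK ETX SOH NUL STX STX")    # bytes listed in the post
    print(decode_record(seen))
    print(decode_record(seen + names_to_bytes("LF")))   # with the assumed 7th byte
    print(looks_like_tls(b"GET /CH/index.jsp HTTP/1.1\r\n"))  # constructed request
```
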