Change http://portal.acmeinc.com/CH/index.jsp To HTTPS://
I don't understand the stack trace, but when you download those 6 control
characters, you a accessing a SSL port with http.
Either change the port to a non-SSL or use https
Hope this helps!
On Wednesday, February 5, 2014 12:06 AM, Richard Mixon <rnmi...@custco.biz>
wrote:
After getting the various pieces to work piecemeal in a development environment
I am trying to integrate in a production environment and running into the above
problem.
Here are the pieces, all on CENTOS 6.4 with Java 7:
* Apache HTTPD running a single virtual host that runs a wordpress
website. Uses a commercial SSL certificate
* Tomcat 7, SSL sefl-signed on port 8443 with the following web
applications:
* CAS
* CH, an line-of-business monitoring application.
The WordPress site virtual host is httpd configuration uses mod_proxy to proxy
CAS and CH requests to Tomcat. Before introducing CAS I can get to each
application without issue:
* CAS at http://portal.acmeinc.com/CAS/*
* CH at http://portal.acmeinc.com/CH/*
* Wordpress at http://portal.acmeinc.com/*
I've setup my keystore and trustore correctly I believe.
I can login successfully to CAS, e.g. to:
http://portal.acmeinc.com/cas/services
I've turned on SSL debugging per this guide:
https://wiki.jasig.org/display/casum/ssl+troubleshooting+and+reference+guide
When I try http://portal.acmeinc.com/CH/index.jsp I end up getting the above
exception. Here is the output of the log.
2014-02-04 21:41:06,469 INFO
[org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 4 services.>
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
http-bio-8443-Acceptor-0, setSoTimeout(60000) called
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for
SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for
SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for
SSLv2Hello
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for
TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for
TLSv1.1
http-bio-8443-exec-1, handling exception: javax.net.ssl.SSLException:
Unrecognized SSL message, plaintext connection?
http-bio-8443-exec-1, SEND TLSv1 ALERT: fatal, description = unexpected_message
http-bio-8443-exec-1, WRITE: TLSv1 Alert, length = 2
http-bio-8443-exec-1, called closeSocket()
http-bio-8443-exec-1, IOException in getSession(): javax.net.ssl.SSLException:
Unrecognized SSL message, plaintext connection?
http-bio-8443-exec-1, called close()
http-bio-8443-exec-1, called closeInternal(true)
2014-02-04 21:43:06,438 INFO
[org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered
services.>
Also, the browser I'm using attempts to download the file, which is only six
control characters:
NAK ETX SOH NUL STX STX
Any iideas or hints on solving this are appreciated.
Thank you - Richard
--
Richard Mixon
Custom Computer Creations, L.L.C.
mobile: (480) 577-6834 office: (480) 614-3442
email: rnmi...@custco.biz <mailto:rnmi...@custco.biz>
Microsoft Partner ID: 1263725
The messages and documents transmitted with this notice contain confidential
information belonging to the sender. If you are not the intended recipient of
this information, you are hereby notified that any disclosure, copying,
distribution or use of the information is strictly prohibited. If you have
received this transmission in error, please notify the sender immediately.
--
You are currently subscribed to cas-user@lists.jasig.org as:
mmaceach...@yahoo.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
