Re: SSL Errors and Warnings with various version of Tomcat
On Tue, 13 Nov 2018 at 14:10, Mark Thomas wrote: > > On 13/11/2018 14:00, Rémy Maucherat wrote: > > On Tue, Nov 13, 2018 at 2:50 PM Richard Tearle < > > richard.tea...@northgateps.com> wrote: > > > >> Hi > >> > >> Our applications are all working fine with Tomcat 8.5.34 and Tomcat > >> Native 1.2.17; Centos 7.5; OpenSSL 1.0.2k-fips 26 Jan 2017; Oracle > >> Java JRE 8u172 > >> > >> On upgrading to Tomcat 8.5.35 and Tomcat Native 1.2.18, we get the > >> following warning: > >> > >> 12-Nov-2018 14:37:03.459 WARNING [main] > >> org.apache.tomcat.util.net.openssl.OpenSSLEngine. Failed > >> getting cipher list > >> java.lang.Exception: Invalid Server SSL Protocol > >> (error::lib(0):func(0):reason(0)) > >> at org.apache.tomcat.jni.SSLContext.make(Native Method) > >> at org.apache.tomcat.util.net > >> .openssl.OpenSSLEngine.(OpenSSLEngine.java:73) > >> > > > > There was a patch porting problem in 8.5 in the jni.SSL class. > > Sorry. My mistake. > > I'll get the necessary fix back-ported for the next 8.5.x release. > > Mark OK - so I just hold off until the next release - we can live with that. Thanks all! Richard > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > -- This email is sent on behalf of Northgate Public Services (UK) Limited and its associated companies including Rave Technologies (India) Pvt Limited (together "Northgate Public Services") and is strictly confidential and intended solely for the addressee(s). If you are not the intended recipient of this email you must: (i) not disclose, copy or distribute its contents to any other person nor use its contents in any way or you may be acting unlawfully; (ii) contact Northgate Public Services immediately on +44(0)1442 768445 quoting the name of the sender and the addressee then delete it from your system. Northgate Public Services has taken reasonable precautions to ensure that no viruses are contained in this email, but does not accept any responsibility once this email has been transmitted. You should scan attachments (if any) for viruses. Northgate Public Services (UK) Limited, registered in England and Wales under number 00968498 with a registered address of Peoplebuilding 2, Peoplebuilding Estate, Maylands Avenue, Hemel Hempstead, Hertfordshire, HP2 4NW. Rave Technologies (India) Pvt Limited, registered in India under number 117068 with a registered address of 2nd Floor, Ballard House, Adi Marzban Marg, Ballard Estate, Mumbai, Maharashtra, India, 41. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSL Errors and Warnings with various version of Tomcat
On 13/11/2018 14:00, Rémy Maucherat wrote: > On Tue, Nov 13, 2018 at 2:50 PM Richard Tearle < > richard.tea...@northgateps.com> wrote: > >> Hi >> >> Our applications are all working fine with Tomcat 8.5.34 and Tomcat >> Native 1.2.17; Centos 7.5; OpenSSL 1.0.2k-fips 26 Jan 2017; Oracle >> Java JRE 8u172 >> >> On upgrading to Tomcat 8.5.35 and Tomcat Native 1.2.18, we get the >> following warning: >> >> 12-Nov-2018 14:37:03.459 WARNING [main] >> org.apache.tomcat.util.net.openssl.OpenSSLEngine. Failed >> getting cipher list >> java.lang.Exception: Invalid Server SSL Protocol >> (error::lib(0):func(0):reason(0)) >> at org.apache.tomcat.jni.SSLContext.make(Native Method) >> at org.apache.tomcat.util.net >> .openssl.OpenSSLEngine.(OpenSSLEngine.java:73) >> > > There was a patch porting problem in 8.5 in the jni.SSL class. Sorry. My mistake. I'll get the necessary fix back-ported for the next 8.5.x release. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSL Errors and Warnings with various version of Tomcat
On Tue, Nov 13, 2018 at 2:50 PM Richard Tearle < richard.tea...@northgateps.com> wrote: > Hi > > Our applications are all working fine with Tomcat 8.5.34 and Tomcat > Native 1.2.17; Centos 7.5; OpenSSL 1.0.2k-fips 26 Jan 2017; Oracle > Java JRE 8u172 > > On upgrading to Tomcat 8.5.35 and Tomcat Native 1.2.18, we get the > following warning: > > 12-Nov-2018 14:37:03.459 WARNING [main] > org.apache.tomcat.util.net.openssl.OpenSSLEngine. Failed > getting cipher list > java.lang.Exception: Invalid Server SSL Protocol > (error::lib(0):func(0):reason(0)) > at org.apache.tomcat.jni.SSLContext.make(Native Method) > at org.apache.tomcat.util.net > .openssl.OpenSSLEngine.(OpenSSLEngine.java:73) > There was a patch porting problem in 8.5 in the jni.SSL class. Rémy
SSL Errors and Warnings with various version of Tomcat
Hi Our applications are all working fine with Tomcat 8.5.34 and Tomcat Native 1.2.17; Centos 7.5; OpenSSL 1.0.2k-fips 26 Jan 2017; Oracle Java JRE 8u172 On upgrading to Tomcat 8.5.35 and Tomcat Native 1.2.18, we get the following warning: 12-Nov-2018 14:37:03.459 WARNING [main] org.apache.tomcat.util.net.openssl.OpenSSLEngine. Failed getting cipher list java.lang.Exception: Invalid Server SSL Protocol (error::lib(0):func(0):reason(0)) at org.apache.tomcat.jni.SSLContext.make(Native Method) at org.apache.tomcat.util.net.openssl.OpenSSLEngine.(OpenSSLEngine.java:73) at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getImplementedProtocols(OpenSSLUtil.java:63) at org.apache.tomcat.util.net.SSLUtilBase.(SSLUtilBase.java:67) at org.apache.tomcat.util.net.SSLUtilBase.(SSLUtilBase.java:51) at org.apache.tomcat.util.net.openssl.OpenSSLUtil.(OpenSSLUtil.java:42) at org.apache.tomcat.util.net.openssl.OpenSSLImplementation.getSSLUtil(OpenSSLImplementation.java:36) at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:103) at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:86) at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:244) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1087) at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:265) at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581) at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68) at org.apache.catalina.connector.Connector.initInternal(Connector.java:993) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:552) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) at org.apache.catalina.startup.Catalina.load(Catalina.java:638) at org.apache.catalina.startup.Catalina.load(Catalina.java:661) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492) On downgrading Tomcat Native to 1.2.17, and still keeping Tomcat 8.5.35, we get the following FATAL: 12-Nov-2018 17:24:17.474 SEVERE [https-openssl-nio-8443-exec-2] org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun java.lang.UnsatisfiedLinkError: org.apache.tomcat.jni.SSL.renegotiatePending(J)I at org.apache.tomcat.jni.SSL.renegotiatePending(Native Method) at org.apache.tomcat.util.net.openssl.OpenSSLEngine.getHandshakeStatus(OpenSSLEngine.java:1021) at org.apache.tomcat.util.net.openssl.OpenSSLEngine.wrap(OpenSSLEngine.java:457) at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469) at org.apache.tomcat.util.net.SecureNioChannel.handshakeWrap(SecureNioChannel.java:440) at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:211) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1475) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748) Our application is fine with Tomcat 8.5.34 and Tomcat Native 1.2.18 as well. Our connector configuration is, which we've not changed whilst testing various version combinations: We'd like to upgrade to Tomcat 8.5.35 and Tomcat Native 1.2.18, without the warning (our implementers get twitchy when they see warnings, even more so when it's around SSL/TLS...) Richard -- This email is sent on behalf of Northgate Public Services (UK) Limited and its associated companies including Rave Technologies (India) Pvt Limited (together "Northgate Public Services") and is strictly confidential and intended solely for the addressee(s). If you are not the intended recipient of this email you must: (i) not disclose, copy or distribute its contents to any other person nor use its contents in any