-----Original Message----- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Thursday, February 14, 2013 11:41 AM To: Tomcat Users List Subject: Re: Tomcat upgrade ->SSL handshake failure?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Steve, On 2/13/13 4:04 PM, Thomas, Steve wrote: > A coworker just found this: > http://stackoverflow.com/questions/14167508/intermittent-sslv3-alert-h > andshake-failure-under-python Interesting. > I wonder if this has to do with renegotiation: that might account for the apparent randomness. Are you making lots of individual connections from a single python process, or are these one-time requests from separate processes? > which looks promising and explains the intermittent behavior. We are > going to try to limit the ciphers to see if that fixes things. Please report back what you've found. Others may be going crazy with similar situations. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEAREIAAYFAlEdE6UACgkQ9CaO5/Lv0PDoEACeLqKOeq3qxqsCHXLRsgYuDyj/ qwEAnAmvOndCnWtrYgU0hxV/LcKirjbz =rAhy -----END PGP SIGNATURE----- --------------------------------------------------------------------- Yep, will do. So far we've tried changing the ciphers by adding the following to our HTTPS connector ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" but so far that has not worked. My next step is to crank up the logging on Python's urllib2 with http://stackoverflow.com/a/4404838/1387355 to see if that can shed any light. Our automation team is also looking into moving to Python 3.3 to see if that can resolve the issue. Thanks again for your interest and help. More later. Steve T This message is intended only for the named recipient. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action based on the contents of this information is strictly prohibited.