Chirag,

On 10/8/13 6:01 AM, Chirag Dewan wrote:
> I am using Embedded Tomcat 6.0.37. I have a servlet which is
> running over HTTPS using SSL Connector. I have a Java Keystore with
> Customer Certificate imported in it.
>
> Now, there is a HTTP Client on the customer's end which connects
> with the servlet over HTTPS (I have very little information about
> the customer's client configuration)
>
> The problem we are facing is:
>
> For the first request from Client, the SSL handshaking fails.

How, specifically? What do you observe on the server? What do you observe on the client?

> From second request, handshaking is completed successfully and the
> requests are processed. I have observed when Server selects
> TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA as the cipher suite, only then
> the Server sends a reset to the client and the handshaking fails.
> On second request, with same cipher suite, it works fine.

So the first request and second request seem to both negotiate the same cipher suite (TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) but the first one fails?

> Can anyone assist me in understanding why it is failing for the
> first time? And is there any way I can force the Tomcat not to
> select this cipher suite? Or any other way that I can resolve this
> issue.

See the Connector documentation, specifically the "cipherSuites" attribute. Unfortunately, Tomcat's cipherSuites configuration is only explicit... you can't say something like "defaults without TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA".

See this thread in the archives for a short program that will dump-out the available cipher suites and indicates which ones are available by default in your environment (note that the results will change for every different version of Java you use):

http://markmail.org/message/zn4namfhypyxum23

-chris
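
Added example, not part of the original message and not the program from the linked thread: because the Connector's cipher list can only be given explicitly, this sketch builds "defaults without TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" from the JVM's own default-enabled suites and prints it as a comma-separated value for the Connector's cipher attribute. The class and method names are hypothetical, and it assumes the JVM Tomcat runs on is the one used to run it.

```java
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;

// Hypothetical helper class (added example, not Tomcat code).
public class ExplicitCipherList {

    // Some JSSE versions report older suites with an SSL_ prefix where the
    // IANA name uses TLS_, so suites are compared on the part after the prefix.
    static String normalize(String suite) {
        if (suite.startsWith("TLS_") || suite.startsWith("SSL_")) {
            return suite.substring(4);
        }
        return suite;
    }

    // Returns the given suites minus the excluded ones, preserving JVM order.
    static List<String> defaultsWithout(String[] defaults, String... excluded) {
        Set<String> drop = new HashSet<String>();
        for (String e : excluded) {
            drop.add(normalize(e));
        }
        List<String> keep = new ArrayList<String>();
        for (String s : defaults) {
            if (!drop.contains(normalize(s))) {
                keep.add(s);
            }
        }
        return keep;
    }

    public static void main(String[] args) throws Exception {
        SSLServerSocketFactory f = SSLContext.getDefault().getServerSocketFactory();
        String[] defaults = f.getDefaultCipherSuites();
        List<String> keep = defaultsWithout(defaults, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA");
        // Summary goes to stderr so stdout holds only the attribute value.
        System.err.println(defaults.length + " default suites, " + keep.size() + " kept");
        StringBuilder value = new StringBuilder();
        for (String s : keep) {
            if (value.length() > 0) value.append(',');
            value.append(s);
        }
        System.out.println(value);
    }
}
```

The list has to be regenerated after every Java upgrade, since the default-enabled suites differ between Java versions and an explicit list will not pick up suites added later.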