Hi ,
Thanks for reply,
I am using following environment
Description: Ubuntu 12.04.3 LTS
javac 1.7.0_45
apache-tomcat-7.0.42.tar.gz
apr-1.5.0.tar.gz
tomcat-native-1.1.29-src.tar.gz
openssl 1.0.1-4ubuntu5.10
and this how i am configuring Tomcat Native
./configure --with-apr=/usr/local/apr/bin/apr-1-config
--with-java-home=$JAVA_HOME --with-ssl=yes --prefix=$CATALINA_HOME
export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/opt/tomcat7/lib"
Server.xml:
<Connector port="8443" protocol="HTTP/1.1"
maxThreads="200"
sslProtocol="TLSv1" sslEnabledProtocols="TLSv1.2"
clientAuth="false"
scheme="https" secure="true" SSLEnabled="true"
SSLCertificateFile="/home/mudassir/cert.pem"
SSLCertificateKeyFile="/home/mudassir/cert-key.pem"
SSLCACertificateFile="/home/mudassir/CA.pem" />
Regards,
Mudassir Aftab
On Fri, Jan 3, 2014 at 2:28 AM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:
> > From: Mudassir Aftab [mailto:withmudas...@gmail.com]
> > Subject: TLS is not working in 6.0.37, 7.0.42, 7.0.47
>
> > I need TLSv1.2 support for tomcat
>
> That's available by default with current OpenSSL versions.
>
> > Also what will be the preferable connector settings ?
>
> Whatever you need them to be. The values depend entirely on your
> applications and environment.
>
> > I am using following connector in Apache Tomcat/7.0.42
> > <Connector port="8443"
> . . .
> > sslEnabledProtocols="TLSv1.2"
>
> The above attribute is for the BIO and NIO connectors, not the APR one you
> are using. You should instead specify:
> SSLProtocol="TLSv1"
> if you want to eliminate SSLv3 (but your client might not like that). You
> can also set SSLCipherSuite to avoid enabling insecure encryption
> mechanisms (see
> http://en.wikipedia.org/wiki/Transport_Layer_Security#Cipher).
>
> > An error occurred during a connection to confidential.com:8443. Cannot
> > communicate securely with peer: no common encryption algorithm(s).
>
> This means the client you're using and your build of OpenSSL have nothing
> in common. Use Wireshark or tcpdump and determine just which protocols
> your client is attempting to negotiate with, and insure that those are
> enabled in your build of OpenSSL.
>
> - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-mail and
> its attachments from all computers.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
