Hi,

Thanks for the reply.

I am using the following environment:

Description: Ubuntu 12.04.3 LTS
javac 1.7.0_45
apache-tomcat-7.0.42.tar.gz
apr-1.5.0.tar.gz
tomcat-native-1.1.29-src.tar.gz
openssl 1.0.1-4ubuntu5.10

and this is how I am configuring Tomcat Native:

./configure --with-apr=/usr/local/apr/bin/apr-1-config --with-java-home=$JAVA_HOME --with-ssl=yes --prefix=$CATALINA_HOME

export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/opt/tomcat7/lib"

Server.xml:

<Connector port="8443" protocol="HTTP/1.1" maxThreads="200"
           sslProtocol="TLSv1" sslEnabledProtocols="TLSv1.2"
           clientAuth="false" scheme="https" secure="true" SSLEnabled="true"
           SSLCertificateFile="/home/mudassir/cert.pem"
           SSLCertificateKeyFile="/home/mudassir/cert-key.pem"
           SSLCACertificateFile="/home/mudassir/CA.pem" />

Regards,
Mudassir Aftab

On Fri, Jan 3, 2014 at 2:28 AM, Caldarale, Charles R <chuck.caldar...@unisys.com> wrote:

> > From: Mudassir Aftab [mailto:withmudas...@gmail.com]
> > Subject: TLS is not working in 6.0.37, 7.0.42, 7.0.47
>
> > I need TLSv1.2 support for tomcat
>
> That's available by default with current OpenSSL versions.
>
> > Also what will be the preferable connector settings?
>
> Whatever you need them to be. The values depend entirely on your
> applications and environment.
>
> > I am using the following connector in Apache Tomcat/7.0.42
> > <Connector port="8443"
> . . .
> > sslEnabledProtocols="TLSv1.2"
>
> The above attribute is for the BIO and NIO connectors, not the APR one you
> are using. You should instead specify:
>     SSLProtocol="TLSv1"
> if you want to eliminate SSLv3 (but your client might not like that). You
> can also set SSLCipherSuite to avoid enabling insecure encryption
> mechanisms (see
> http://en.wikipedia.org/wiki/Transport_Layer_Security#Cipher).
>
> > An error occurred during a connection to confidential.com:8443. Cannot
> > communicate securely with peer: no common encryption algorithm(s).
>
> This means the client you're using and your build of OpenSSL have nothing
> in common. Use Wireshark or tcpdump and determine just which protocols
> your client is attempting to negotiate with, and ensure that those are
> enabled in your build of OpenSSL.
>
>  - Chuck
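
Added example (not part of the original thread and not Tomcat's own code): a small Python check for the mismatch described in the reply above, where BIO/NIO (JSSE) attributes are mixed into a connector that is otherwise configured for APR. The attribute lists are a subset of the Tomcat 7 Connector attributes, and treating the presence of OpenSSL-style attributes as a sign of APR is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Subset of Tomcat 7 Connector attribute names. XML attribute names are
# case-sensitive, so sslProtocol (JSSE) and SSLProtocol (APR) are different.
JSSE_ATTRS = {"sslProtocol", "sslEnabledProtocols", "ciphers",
              "keystoreFile", "keystorePass", "truststoreFile", "truststorePass"}
APR_ATTRS = {"SSLProtocol", "SSLCipherSuite", "SSLCertificateFile",
             "SSLCertificateKeyFile", "SSLCACertificateFile", "SSLVerifyClient"}

# The Connector as posted in the message above.
POSTED = '''<Connector port="8443" protocol="HTTP/1.1" maxThreads="200"
  sslProtocol="TLSv1" sslEnabledProtocols="TLSv1.2" clientAuth="false"
  scheme="https" secure="true" SSLEnabled="true"
  SSLCertificateFile="/home/mudassir/cert.pem"
  SSLCertificateKeyFile="/home/mudassir/cert-key.pem"
  SSLCACertificateFile="/home/mudassir/CA.pem" />'''

def audit_connector(xml_text):
    """Return (style, findings) for a single <Connector> element."""
    attrs = ET.fromstring(xml_text).attrib
    findings = []
    if attrs.get("SSLEnabled", "false").lower() != "true":
        return "plain", findings
    jsse = sorted(a for a in attrs if a in JSSE_ATTRS)
    apr = sorted(a for a in attrs if a in APR_ATTRS)
    # Heuristic (assumption): OpenSSL-style attributes mean the APR connector.
    style = "apr" if apr else "jsse"
    if style == "apr":
        for name in jsse:
            findings.append(f"{name}: BIO/NIO (JSSE) attribute, no effect with APR")
        if "SSLProtocol" not in attrs:
            findings.append("SSLProtocol not set: protocols left at the default")
        if "SSLCipherSuite" not in attrs:
            findings.append("SSLCipherSuite not set: ciphers left at the default")
    else:
        for name in apr:
            findings.append(f"{name}: APR attribute, no effect with BIO/NIO")
    return style, findings

if __name__ == "__main__":
    style, findings = audit_connector(POSTED)
    print("connector style:", style)
    for line in findings:
        print(" -", line)
```
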