also following setting is working for TLS v1 but not with TLS v1.2, so its
a bug !!! ....
<Connector port="8443"
protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="200"
clientAuth="false"
scheme="https" secure="true" SSLEnabled="true"
SSLCertificateFile="/home/mudassir/certs/ca.pem"
SSLCertificateKeyFile="/home/mudassir/certs/k.key" />
On Fri, Jan 3, 2014 at 6:56 PM, Mudassir Aftab <[email protected]>wrote:
> HI,
>
> That was just typo error but on system it is fine and i am keep checking
> logs, no warning in it
>
> also what about following post
>
>
> I just also took interest to dig this issue.
>
> The Document which you were referring
> http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native,
> is clearly stated that only SSLv2, SSLv3, TLSv1 is support by SSLProtocol
> Attribute.
>
> SSLCipherSuite will only be supported cipher available in SSLv2,SSLv3,
> TLSV1.
>
> TLSv1.1 and TLSV1.2 supported Cipher can't be invoked until TLSv1.1 and
> TLSv1.2 is enabled.see the supported Cipher list on TLSV1.2 on openssl
> link. http://www.openssl.org/docs/apps/ciphers.html#TLS_v1_2_cipher_suites
>
> I am happy to see if someone enabled below ciphers without enabling the
> TLSv1.2
>
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 ECDH-ECDSA-AES128-SHA256
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 ECDH-ECDSA-AES256-SHA384
> TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 ECDH-ECDSA-AES128-GCM-SHA256
> TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 ECDH-ECDSA-AES256-GCM-SHA384
>
>
>
>
> On Fri, Jan 3, 2014 at 6:00 PM, David kerber <[email protected]> wrote:
>
>> On 1/3/2014 3:28 AM, Mudassir Aftab wrote:
>>
>>> Hi,
>>>
>>> Sorry for asking u same thing again and again, i have tried many things
>>> from above document, but nothing works for me, also no errors in the log
>>>
>>> <Connector port="8443"
>>> protocol="org.apache.coyote.http11.Http11AprProtocol"
>>> maxThreads="200"
>>> clientAuth="false"
>>> ciphers="ECDH-ECDSA-AES128-GCM-SHA256"
>>> scheme="https" secure="true" SSLEnabled="true"
>>> SSLCertificateFile="/home/mudassir/pay/p.pem"
>>> SSLCertificateKeyFile="/home/mudassir/p-key.pem"
>>> SSLCACertificateFile="/home/mudassir/AdminCA1.pem" />
>>>
>>> SSCipherSuit="ECDH-ECDSA-AES128-GCM-SHA256"
>>>
>>> I really appreciate your help
>>>
>>>
>> If what you list here is what is really in your config file, you're not
>> proofreading your configuration entries very well. You have SSLCipherSuite
>> misspelled (two missing letters), and it's not inside the connector
>> configuration entry.
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [email protected]
>> For additional commands, e-mail: [email protected]
>>
>>
>
