> From: Mudassir Aftab [mailto:withmudas...@gmail.com] 
> Subject: Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

> <Connector port="8443"
> protocol="org.apache.coyote.http11.Http11AprProtocol"
>            maxThreads="200"
>            clientAuth="false"
>            *SSLCipherSuite="ECDHE-ECDSA-AES128-SHA256"*

Why are there asterisks on that config line?  Remove them if they're actually 
present.  Don't try to get cute with formatting tricks like bolding text, since 
this is a plaintext mailing list.

> Jan 03, 2014 5:09:49 PM org.apache.catalina.core.AprLifecycleListener
> initializeSSL
> INFO: OpenSSL successfully initialized (OpenSSL 1.0.1 14 Mar 2012)

You need to update the OpenSSL version to 1.0.1e, which contains fixes for TLS 
1.1 and 1.2 negotiation.  Once that's installed (and tcnative rebuilt), verify 
that the desired cipher is available with the "openssl ciphers" command.

You also need to confirm that your client is capable of TLSv1.2 using the above 
cipher.  As stated before, getting a Wireshark or tcpdump trace of the 
negotiation would show what the client allows.

 - Chuck
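The two checks described in the reply above (OpenSSL at least 1.0.1e, and the connector's cipher present in "openssl ciphers" output), as an added shell example that is not part of the original message. The function names are made up for the illustration; pass the version string from Tomcat's AprLifecycleListener log line, since tcnative may be linked against a different OpenSSL than the one on PATH.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not from the thread.
CIPHER="ECDHE-ECDSA-AES128-SHA256"  # from the quoted SSLCipherSuite attribute
MIN_VERSION="1.0.1e"                # minimum version named in the reply

# version_at_least HAVE WANT: true if OpenSSL version HAVE >= WANT.
# Handles the letter-suffixed 1.0.x scheme (1.0.1 < 1.0.1e < 1.0.2) and 3.x.
version_at_least() {
    awk -v have="$1" -v want="$2" '
        function key(v,    p, letters) {
            letters = v; sub(/^[0-9.]+/, "", letters)   # "e" from "1.0.1e"
            sub(/[a-z]+$/, "", v); split(v, p, ".")
            return sprintf("%03d%03d%03d%s", p[1], p[2], p[3], letters)
        }
        BEGIN { exit !(("v" key(have)) >= ("v" key(want))) }'
}

# cipher_protocol NAME: reads "openssl ciphers -v" output on stdin, prints the
# protocol column for an exact name match, fails if the cipher is not listed.
cipher_protocol() {
    awk -v name="$1" '$1 == name { print $2; found = 1 } END { exit !found }'
}

# check_openssl VERSION_OUTPUT CIPHERS_OUTPUT
# Returns 1 if OpenSSL is too old, 2 if the cipher is missing, 0 otherwise.
check_openssl() {
    have=$(printf '%s\n' "$1" | awk '{ print $2 }')
    if ! version_at_least "$have" "$MIN_VERSION"; then
        echo "FAIL: OpenSSL $have is older than $MIN_VERSION"
        return 1
    fi
    proto=$(printf '%s\n' "$2" | cipher_protocol "$CIPHER") || {
        echo "FAIL: $CIPHER is not offered by this OpenSSL build"
        return 2
    }
    echo "OK: OpenSSL $have offers $CIPHER ($proto)"
}

# Live check, if openssl is on PATH; an unknown cipher makes the command fail
# and leaves the second argument empty.
if command -v openssl >/dev/null 2>&1; then
    check_openssl "$(openssl version)" \
        "$(openssl ciphers -v "$CIPHER" 2>/dev/null)" || true
fi
```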

