Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

Fri, 03 Jan 2014 15:51:40 -0800 

On 1/3/2014 2:43 PM, Caldarale, Charles R wrote:

From: Mudassir Aftab [mailto:withmudas...@gmail.com] Subject: RE:
TLS is not working in 6.0.37, 7.0.42, 7.0.47



Again, we have to submit this as a bug.....TLS 1.2 is not working
in Tomcat


The only evidence you have provided is that your single chosen cipher
is not implemented by the version of Firefox you're using - which has
nothing to do with Tomcat.  The TCP capture you provided is just text
rather than a useful .pcap file, and no one's going to waste their
time digging through raw bits when any decent protocol analyzer would
do the job automatically.

- Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE
PROPRIETARY MATERIAL and is thus for use only by the intended
recipient. If you received this in error, please contact the sender
and delete the e-mail and its attachments from all computers.



It's been years (more than I care to count) since I've read raw packet 
data, but at first glance I do not see the browser (172.16.50.10) 
initiating a TLSv1.2 Client Hello.


I'm looking at the following line:

0030  c0 0a c0 14 00 88 00 87 00 39 00 38 c0 0f c0 05   .........9.8....

I expect to see something like:

16 03 01

starting at octet 36. Instead, I see:

00 87 00


I don't know if that's because the information is encrypted, or what. 
However, it doesn't look like what I see when I aim Firefox 26.0 at an 
HTTPS site.



I don't know if gnome-wireshark is available for Ubuntu (I use Fedora or 
CentOS). If so, get that and look for the TLSv1.2 Client Hello coming 
from your browser. If it's not coming from your browser, then something 
else is wrong.



Are you addressing example.com with https://example.com:8443/ in your 
browser?



As has been pointed out, this is an all-volunteer list (taking a break 
from writing an RFP here). Making it difficult to answer questions 
(incorrect, incomplete, or difficult to parse information) will not 
encourage volunteers to step forth.


. . . . Friday night RFP response writing
/mde/

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






























					Reply via email to