Chuck,

On 1/3/14, 12:32 PM, Caldarale, Charles R wrote:
>> From: Mudassir Aftab [mailto:withmudas...@gmail.com]
>> Subject: Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47
>
>> <Connector port="8443"
>> protocol="org.apache.coyote.http11.Http11AprProtocol"
>> maxThreads="200" clientAuth="false"
>> *SSLCipherSuite="ECDHE-ECDSA-AES128-SHA256"*
>
> Why are there asterisks on that config line? Remove them if
> they're actually present. Don't try to get cute with formatting
> tricks like bolding text, since this is a plaintext mailing list.
>
>> Jan 03, 2014 5:09:49 PM org.apache.catalina.core.AprLifecycleListener initializeSSL
>> INFO: OpenSSL successfully initialized (OpenSSL 1.0.1 14 Mar 2012)
>
> You need to update the OpenSSL version to 1.0.1e, which contains
> fixes for TLS 1.1 and 1.2 negotiation. Once that's installed (and
> tcnative rebuilt), verify that the desired cipher is available with
> the "openssl ciphers" command.
>
> You also need to confirm that your client is capable of TLSv1.2
> using the above cipher. As stated before, getting a Wireshark or
> tcpdump trace of the negotiation would show what the client
> allows.

+1

You might want to look at sslscan, or use
https://www.ssllabs.com/ssltest/index.html to test your server. It can
tell you what ciphers are supported, etc. even if your client is
misbehaving.

-chris