On 21.09.2016 18:49, Christopher Schultz wrote:

Ron,

On 9/21/16 11:58 AM, Roskens, Ronald wrote:
-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Wednesday, September 21, 2016 9:40 AM
To: Tomcat Users List
Subject: Re: TLS 1.2 Handshake on Tomcat 7.0.39 Getting Internal Error: Key format must be RAW


<snipped>

This may be the most promising page on the Internet, but of
course Red Hat wants you to pay to read it:

https://access.redhat.com/solutions/1309153

I can't see the "verified solution", or I'd reprint it here
without permission :)

The resolution says to either disable TLS 1.2 or FIPS mode.

The root cause is that the PKCS#11 implementation included in Java 7 and
8 does not support TLS 1.2 when in FIPS mode, as documented in
OpenJDK bug JDK-8029661
(https://bugs.openjdk.java.net/browse/JDK-8029661).

See also:
https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/FIPS.html

Thanks for posting this.

Good old FIPS: hobbling real security since 1994.


Thanks also, but does this explain fully the symptoms seen by the OP? As I recall, he had 3 apparently similar servers, configured similarly, but where 2 were seeing the problem and the third one not.
Or was there another difference which he did not tell us about, and where?
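
One way to look for the kind of difference asked about above, as an added example that is not part of the original thread: the Oracle JSSE FIPS guide linked earlier puts SunJSSE in FIPS mode by giving its provider entry in `java.security` a crypto-provider argument, so the script below reports that argument for each server's file. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a java.security file puts SunJSSE in FIPS mode.
# Per the Oracle JSSE FIPS guide, FIPS mode is selected by an entry such as
#   security.provider.4=com.sun.net.ssl.internal.ssl.Provider SunPKCS11-NSS
# A SunJSSE entry with no argument is the ordinary (non-FIPS) configuration.

# Print the crypto provider named after the SunJSSE class, or nothing if
# SunJSSE is registered without an argument or not registered at all.
# Commented-out entries are ignored. $1: path to a java.security file.
jsse_fips_provider() {
    sed -n -E 's/^[[:space:]]*security\.provider\.[0-9]+[[:space:]]*=[[:space:]]*com\.sun\.net\.ssl\.internal\.ssl\.Provider[[:space:]]+([^[:space:]#]+).*$/\1/p' "$1" | head -n 1
}

# Print one status line per file so copies taken from several servers
# can be compared side by side.
compare_servers() {
    for f in "$@"; do
        p=$(jsse_fips_provider "$f")
        if [ -n "$p" ]; then
            echo "$f: SunJSSE in FIPS mode, crypto provider $p"
        else
            echo "$f: SunJSSE not in FIPS mode"
        fi
    done
}

# Constructed sample files standing in for two servers' java.security;
# the nss.cfg path is a placeholder.
demo() {
    d=$(mktemp -d)
    printf '%s\n' \
        'security.provider.1=sun.security.provider.Sun' \
        'security.provider.2=com.sun.net.ssl.internal.ssl.Provider' \
        > "$d/server-a.security"
    printf '%s\n' \
        'security.provider.1=sun.security.pkcs11.SunPKCS11 /path/to/nss.cfg' \
        'security.provider.2=com.sun.net.ssl.internal.ssl.Provider SunPKCS11-NSS' \
        > "$d/server-b.security"
    compare_servers "$d/server-a.security" "$d/server-b.security"
    rm -rf "$d"
}
demo
```

The script only reads the file it is given; a JVM started with a different properties file or one that registers the provider programmatically would need to be checked separately.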


