Re: embedded, not local

Mon, 15 Feb 2021 12:33:04 -0800 

Rob,

On 2/15/21 13:41, Rob Sargent wrote:

openssl s_client -showcerts -connect k1:16004
CONNECTED(00000003)
139674280387904:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:331: 
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 312 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

Is it the version mismatch, or am I back in CORShell?


Try this:

$ openssl s_client -showcerts -connect k1:16004 -tls1_2
Check the port? Remember that TLS is enabled on one port (Connector) while plaintext is on another port (Connector). So switch from plaintext to TLS you will need to change port numbers in your s_client connection string (and browser).
How many connectors are you configuring? And how? Your code only shows configuring a local "connector" reference, but not where it came from, if it was added to the server component, etc. 

-chris


On 2/15/21 11:12 AM, Luis Rodríguez Fernández wrote:

mmm, I see...

- May I ask you to run ` openssl s_client -showcerts -connect
localhost:16004` to check that your tomcat connector has started? You
should get an output like `Verify return code: 18 (self signed certificate)` - Having a look at what your browser is saying I have the feeling that your 
issue is not 100% SSL/TLS related but more CORS related stuff...

Cheers,

Luis

El lun, 15 feb 2021 a las 16:18, Rob Sargent (<rsarg...@xmission.com>)
escribió:


Luis,
Not a peep.  Not in IntelliJ, nor from startup script (with zero output
redirects). It works (on localhost:16004 and on k1:16004 (fully
qualified), but only http, not https.  The browser shows "This site
can’t provide a secure connection" and not much from chrome inspect:
request: "Referrer Policy: strict-origin-when-cross-origin"
response: "Failed to load response data"

Thanks
rjs

On 2/15/21 2:14 AM, Luis Rodríguez Fernández wrote:

Hello Rob,

Do you have a stacktrace or error message that you can share?

Cheers,

Luis










---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to