On 21.02.2012 21:41, Mark Anthony wrote:
Referring to
http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslcontext.c?r1=1149279view=log
there is something that's broken that does not support TLSv1+SSLv3.
No it didn't break it.
Tomcat Version 6.0.35 APR Details :
INFO: Loaded APR based Apache Tomcat Native library 1.1.22.
Feb 19, 2012 10:22:55 PM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
Tomcat Server.xml
Connector port=30002 SSLCipherSuite=HIGH:!ADH:!MD5
SSLCertificateFile=/local/Tomcat6/0/cluster/machine0/tc6u/tomcat.crt
SSLCertificateKeyFile=/local/Tomcat6/0/cluster/machine0/tc6u/tomcat.key
SSLPassword=xxx SSLProtocol=TLSv1+SSLv3 address=0.0.0.0 SSLEnabled=true
TLSv1+SSLv3 is not allowed for Tomcat 6. It might be possible in the
forthcoming version 6.0.36. It does work for Tomcat 7.
maxThreads=150 scheme=https secure=true/
Error noticed in logs: --
Feb 19, 2012 10:22:57 PM org.apache.coyote.http11.Http11AprProtocol init
SEVERE: Error initializing endpoint
java.lang.Exception: An invalid value [TLSv1+SSLv3] was provided for the SSLProtocol attribute
    at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:724)
    at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:107)
    at org.apache.catalina.connector.Connector.initialize(Connector.java:1049)
    at org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
    at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Feb 19, 2012 10:22:57 PM org.apache.catalina.core.StandardService initialize
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-30002]]
LifecycleException: Protocol handler initialization failed: java.lang.Exception: An invalid value [TLSv1+SSLv3] was provided for the SSLProtocol attribute
    at org.apache.catalina.connector.Connector.initialize(Connector.java:1051)
    at org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
    at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Feb 19, 2012 10:22:57 PM org.apache.coyote.ajp.AjpAprProtocol init
Is there a workaround to this issue?
Tomcat 6 does not allow that combination. If you didn't get an error
message with older releases this does not mean that it has actually worked.
Tomcat 6.0.35 does not work with older 1.1.20 of the APR
Why do you think so?
Feb 21, 2012 1:38:55 PM org.apache.catalina.core.AprLifecycleListener init
INFO: An older version 1.1.20 of the APR based Apache Tomcat Native library is
installed, while Tomcat recommends version greater than 1.1.22
This is an info message containing a recommendation. Not an error.
Feb 21, 2012 1:38:55 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
Feb 21, 2012 1:38:55 PM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false],
random [true].
Feb 21, 2012 1:38:55 PM org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-0.0.0.0-30221
Feb 21, 2012 1:38:55 PM org.apache.coyote.http11.Http11AprProtocol init
SEVERE: Error initializing endpoint
java.lang.Exception: An invalid value [TLSv1+SSLv3] was provided for the
SSLProtocol attribute
True, this value is not allowed, neither for Tomcat 6, nor for TC native
1.1.20.
Either switch to TC 7 or use some other protocol setting, like ALL.
With a little luck, the next Tomcat 6 release will have that feature
backported from TC 7.
You can also apply the patch from
http://people.apache.org/~rjung/patches/tc6-apr-all-sslprotocol-r1145209.patch
and rebuild Tomcat 6.
Regards,
Rainer
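
The replies above separate the INFO-level version recommendation from the SEVERE SSLProtocol error that actually stops the connector. The following Python is an added example, not part of the original message or of Tomcat's code, that makes the same separation over a Tomcat log; the sample log is constructed from the excerpts in this thread, and the function and field names are hypothetical.

```python
import re

# Constructed sample (java.util.logging two-line layout), modelled on this thread's excerpts.
SAMPLE_LOG = """\
Feb 21, 2012 1:38:55 PM org.apache.catalina.core.AprLifecycleListener init
INFO: An older version 1.1.20 of the APR based Apache Tomcat Native library is installed, while Tomcat recommends version greater than 1.1.22
Feb 21, 2012 1:38:55 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
Feb 21, 2012 1:38:55 PM org.apache.coyote.http11.Http11AprProtocol init
SEVERE: Error initializing endpoint
java.lang.Exception: An invalid value [TLSv1+SSLv3] was provided for the SSLProtocol attribute
Feb 21, 2012 1:38:55 PM org.apache.catalina.core.StandardService initialize
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-30221]]
LifecycleException: Protocol handler initialization failed: java.lang.Exception: An invalid value [TLSv1+SSLv3] was provided for the SSLProtocol attribute
"""

HEADER = re.compile(r"^[A-Z][a-z]{2} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M \S+ \S+$")
LEVEL = re.compile(r"^(SEVERE|WARNING|INFO|CONFIG|FINE|FINER|FINEST): (.*)$")
BAD_PROTO = re.compile(r"An invalid value \[([^\]]*)\] was provided for the SSLProtocol attribute")
NATIVE = re.compile(r"Loaded APR based Apache Tomcat Native library (\d+(?:\.\d+)*)")
CONNECTOR = re.compile(r"Failed to initialize connector \[Connector\[([^\]]+)\]\]")

def parse_records(text):
    """Group lines into records: timestamp header, 'LEVEL: msg', then continuations."""
    records, cur = [], None
    for line in text.splitlines():
        if HEADER.match(line):
            cur = {"level": None, "body": []}
            records.append(cur)
        elif cur is not None:
            m = LEVEL.match(line) if cur["level"] is None else None
            if m:
                cur["level"], line = m.groups()
            cur["body"].append(line.strip())
    return records

def triage(text):
    """Separate the fatal SSLProtocol error from INFO-level recommendations."""
    out = {"native_version": None, "advisories": [], "bad_ssl_protocols": set(), "failed_connectors": []}
    for rec in parse_records(text):
        body = "\n".join(rec["body"])
        if m := NATIVE.search(body):
            out["native_version"] = m.group(1)
        if rec["level"] == "SEVERE":
            out["bad_ssl_protocols"] |= set(BAD_PROTO.findall(body))  # the set dedupes the repeated exception text
            out["failed_connectors"] += CONNECTOR.findall(body)
        elif rec["level"] == "INFO" and "recommends" in body:
            out["advisories"].append(body)
    return out
```
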