-----Original Message-----
From: Thomas, Steve [mailto:stho...@vocollect.com] 
Sent: Wednesday, February 13, 2013 11:10 AM
To: Tomcat Users List
Subject: RE: Tomcat upgrade ->SSL handshake failure?

-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Wednesday, February 13, 2013 10:52 AM
To: Tomcat Users List
Subject: Re: Tomcat upgrade ->SSL handshake failure?

Steve,

On 2/12/13 9:52 AM, Thomas, Steve wrote:
> Hi. We have been running Tomcat 7.0.23 in our test environment until 
> recently, then upgraded to 7.0.35. After the upgrade, our tests 
> started failing intermittently with
> 
> <urlopen error [Errno 1] _ssl.c:503: error:14094410:SSL
> routines:SSL3_READ_BYTES:sslv3 alert handshake failure>

That looks like a load of fun.

[[snip]]

It's more likely that the JVM is more strict. Did you upgrade the JVM as well?

> If it isn't Tomcat--if something else must have changed--what would be 
> the most likely explanation?

*shrug*

I think you need more data on the situations where this actually
occurs: what URL, which port, etc. When you hit your service, you are hitting 
these servers directly, right -- that is, there isn't a load-balancer or 
anything like that in between your client and your server (as configured above)?

-chris

---------------------------------------------------------------------


Chris:  You're right that we did upgrade our JVM as well; I should have 
mentioned that.  I will follow up on the remainder of your email later, but in 
the meantime wanted to say thanks and good catch on the JVM!

Regards,

Steve

This message is intended only for the named recipient. If you are not the 
intended recipient, you are notified that disclosing, copying, distributing or 
taking any action based on the contents of this information is strictly 
prohibited.

---------------------------------------------------------------------

Update: 

A coworker just found this:
http://stackoverflow.com/questions/14167508/intermittent-sslv3-alert-handshake-failure-under-python

which looks promising and explains the intermittent behavior. We are going to
try to limit the ciphers to see if that fixes things.

Regards,

Steve
