Hi Andy I have removed TLS v1 from server.xml. JRE for JBOSS is 1.7.0.79. Looks like I will have move to minor version 95 and use https.protocols and jdk.tls.client.protocols.
<Connector SSLEnabled="true" clientAuth="false" keystoreFile="C:\EMC\AppSync\jboss\standalone\configuration\cas.jks" maxThreads="150" port="8444" protocol="org.apache.coyote.http11.Http11Protocol" scheme="https" secure="true" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"/> Thanks Guru Thanks, Guru On Tue, Oct 25, 2016 at 12:35 AM, Andrew Morgan <[email protected]> wrote: > Java 7 supports TLS v1.0, v1.1, and v1.2. See: > > https://blogs.oracle.com/java-platform-group/entry/diagnosin > g_tls_ssl_and_https > > What did you change on the CAS Server (Tomcat) to disable other versions > of TLS? > > Thanks, > Andy > > On Sun, 23 Oct 2016, Guru Prashanth Thanakodi wrote: > > Hi All >> >> Can someone help me here? How to change the JASIG client to communicate >> using TLS v1.2 mode >> >> Thanks >> Guru >> >> Thanks, >> Guru >> >> >> >> On Fri, Oct 21, 2016 at 12:38 PM, Guru Prashanth Thanakodi < >> [email protected]> wrote: >> >> Attaching the stack trace of the failure. >>> >>> Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: >>> handshake_failure >>> at sun.security.ssl.Alerts.getSSLException(Unknown Source) >>> [jsse.jar:1.7.0_79] >>> at sun.security.ssl.Alerts.getSSLException(Unknown Source) >>> [jsse.jar:1.7.0_79] >>> at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source) >>> [jsse.jar:1.7.0_79] >>> at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) >>> [jsse.jar:1.7.0_79] >>> at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown >>> Source) >>> >>> [jsse.jar:1.7.0_79] >>> at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) >>> [jsse.jar:1.7.0_79] >>> at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) >>> [jsse.jar:1.7.0_79] >>> at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) >>> [rt.jar:1.7.0_79] >>> at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnectio >>> n.connect(Unknown >>> Source) >>> >>> [rt.jar:1.7.0_79] >>> at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown >>> Source) >>> >>> [rt.jar:1.7.0_79] >>> at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputS >>> tream(Unknown >>> Source) >>> >>> [rt.jar:1.7.0_79] >>> at org.jasig.cas.client.validation.Saml11TicketValidator. >>> retrieveResponseFromServer >>> >>> (Saml11TicketValidator.java:216) [cas-client-core-3.2.1.jar:3.2.1] >>> >>> >>> >>> On Friday, 21 October 2016 12:32:49 UTC+5:30, Guru Prashanth Thanakodi >>> wrote: >>> >>>> >>>> Hi All >>>> >>>> We have CAS 3.4.11 deployed on Apache Tomcat 7. Our Application is >>>> deployed on JBOSS 7.1. >>>> >>>> If we disable the TLS 1.0 communication in JASIG CAS Sever(Apache >>>> Tomcat) >>>> , We are unable to login. >>>> >>>> Here is the stack trace >>>> >>>> >>>> >>>> Thanks, >>>> Guru >>>> >>>> >>>> -- >>>> >>> CAS gitter chatroom: https://gitter.im/apereo/cas >>> CAS mailing list guidelines: https://apereo.github.io/cas/ >>> Mailing-Lists.html >>> CAS documentation website: https://apereo.github.io/cas >>> CAS project website: https://github.com/apereo/cas >>> --- >>> You received this message because you are subscribed to the Google Groups >>> "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to [email protected]. >>> To post to this group, send email to [email protected]. >>> Visit this group at https://groups.google.com/a/ap >>> ereo.org/group/cas-user/ >>> . >>> To view this discussion on the web visit https://groups.google.com/a/ >>> apereo.org/d/msgid/cas-user/baafd574-9319-4c55-8f08- >>> 536b8ca21705%40apereo.org >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/baa >>> fd574-9319-4c55-8f08-536b8ca21705%40apereo.org?utm_medium= >>> email&utm_source=footer> >>> . >>> For more options, visit https://groups.google.com/a/apereo.org/d/optout. >>> >>> >> -- >> - CAS gitter chatroom: https://gitter.im/apereo/cas >> - CAS mailing list guidelines: https://apereo.github.io/cas/M >> ailing-Lists.html >> - CAS documentation website: https://apereo.github.io/cas >> - CAS project website: https://github.com/apereo/cas >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit https://groups.google.com/a/ap >> ereo.org/d/msgid/cas-user/CAJPPnqC6Rm3bQUNF%3DH-qunSb5VMNBG2 >> o4eWt%3D13NsejOJWBksg%40mail.gmail.com. >> >> -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAJPPnqB4Cf0nu_O-HC8uVpZcvRMudVG%3DxdAttRkPVoUqoh9eRw%40mail.gmail.com.
