I am using CAS 3.4.11. I faced issues with 1.8 JRE. Aspectj version had issues with 1.8 JRE. Now we don't have support to get the latest minor version of 1.7. So I am stuck as of now. Thanks Andy for your help...
Thanks Guru On 25 Oct 2016 9:36 p.m., "Andrew Morgan" <[email protected]> wrote: > Yeah, I think you're running into a client side problem. You'll need to > configure your client software (Java?) to default to TLSv1.2 instead of > TLSv1. My testing suggests that Java7 clients default to a TLSv1 > handshake. You could also try to upgrade your client to Java8. > > Andy > > On Tue, 25 Oct 2016, Guru Prashanth Thanakodi wrote: > > Hi Andy >> >> I have removed TLS v1 from server.xml. JRE for JBOSS is 1.7.0.79. Looks >> like I will have move to minor version 95 and use https.protocols and >> jdk.tls.client.protocols. >> >> <Connector SSLEnabled="true" clientAuth="false" >> keystoreFile="C:\EMC\AppSync\jboss\standalone\configuration\cas.jks" >> maxThreads="150" port="8444" >> protocol="org.apache.coyote.http11.Http11Protocol" scheme="https" >> secure="true" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"/> >> >> >> >> Thanks >> Guru >> >> Thanks, >> Guru >> >> >> >> On Tue, Oct 25, 2016 at 12:35 AM, Andrew Morgan <[email protected]> wrote: >> >> Java 7 supports TLS v1.0, v1.1, and v1.2. See: >>> >>> https://blogs.oracle.com/java-platform-group/entry/diagnosin >>> g_tls_ssl_and_https >>> >>> What did you change on the CAS Server (Tomcat) to disable other versions >>> of TLS? >>> >>> Thanks, >>> Andy >>> >>> On Sun, 23 Oct 2016, Guru Prashanth Thanakodi wrote: >>> >>> Hi All >>> >>>> >>>> Can someone help me here? How to change the JASIG client to communicate >>>> using TLS v1.2 mode >>>> >>>> Thanks >>>> Guru >>>> >>>> Thanks, >>>> Guru >>>> >>>> >>>> >>>> On Fri, Oct 21, 2016 at 12:38 PM, Guru Prashanth Thanakodi < >>>> [email protected]> wrote: >>>> >>>> Attaching the stack trace of the failure. >>>> >>>>> >>>>> Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: >>>>> handshake_failure >>>>> at sun.security.ssl.Alerts.getSSLException(Unknown Source) >>>>> [jsse.jar:1.7.0_79] >>>>> at sun.security.ssl.Alerts.getSSLException(Unknown Source) >>>>> [jsse.jar:1.7.0_79] >>>>> at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source) >>>>> [jsse.jar:1.7.0_79] >>>>> at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) >>>>> [jsse.jar:1.7.0_79] >>>>> at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown >>>>> Source) >>>>> >>>>> [jsse.jar:1.7.0_79] >>>>> at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) >>>>> [jsse.jar:1.7.0_79] >>>>> at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) >>>>> [jsse.jar:1.7.0_79] >>>>> at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) >>>>> [rt.jar:1.7.0_79] >>>>> at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnectio >>>>> n.connect(Unknown >>>>> Source) >>>>> >>>>> [rt.jar:1.7.0_79] >>>>> at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown >>>>> Source) >>>>> >>>>> [rt.jar:1.7.0_79] >>>>> at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputS >>>>> tream(Unknown >>>>> Source) >>>>> >>>>> [rt.jar:1.7.0_79] >>>>> at org.jasig.cas.client.validation.Saml11TicketValidator. >>>>> retrieveResponseFromServer >>>>> >>>>> (Saml11TicketValidator.java:216) [cas-client-core-3.2.1.jar:3.2.1] >>>>> >>>>> >>>>> >>>>> On Friday, 21 October 2016 12:32:49 UTC+5:30, Guru Prashanth Thanakodi >>>>> wrote: >>>>> >>>>> >>>>>> Hi All >>>>>> >>>>>> We have CAS 3.4.11 deployed on Apache Tomcat 7. Our Application is >>>>>> deployed on JBOSS 7.1. >>>>>> >>>>>> If we disable the TLS 1.0 communication in JASIG CAS Sever(Apache >>>>>> Tomcat) >>>>>> , We are unable to login. >>>>>> >>>>>> Here is the stack trace >>>>>> >>>>>> >>>>>> >>>>>> Thanks, >>>>>> Guru >>>>>> >>>>>> >>>>>> -- >>>>>> >>>>>> CAS gitter chatroom: https://gitter.im/apereo/cas >>>>> CAS mailing list guidelines: https://apereo.github.io/cas/ >>>>> Mailing-Lists.html >>>>> CAS documentation website: https://apereo.github.io/cas >>>>> CAS project website: https://github.com/apereo/cas >>>>> --- >>>>> You received this message because you are subscribed to the Google >>>>> Groups >>>>> "CAS Community" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an >>>>> email to [email protected]. >>>>> To post to this group, send email to [email protected]. >>>>> Visit this group at https://groups.google.com/a/ap >>>>> ereo.org/group/cas-user/ >>>>> . >>>>> To view this discussion on the web visit https://groups.google.com/a/ >>>>> apereo.org/d/msgid/cas-user/baafd574-9319-4c55-8f08- >>>>> 536b8ca21705%40apereo.org >>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/baa >>>>> fd574-9319-4c55-8f08-536b8ca21705%40apereo.org?utm_medium= >>>>> email&utm_source=footer> >>>>> . >>>>> For more options, visit https://groups.google.com/a/ap >>>>> ereo.org/d/optout. >>>>> >>>>> >>>>> -- >>>> - CAS gitter chatroom: https://gitter.im/apereo/cas >>>> - CAS mailing list guidelines: https://apereo.github.io/cas/M >>>> ailing-Lists.html >>>> - CAS documentation website: https://apereo.github.io/cas >>>> - CAS project website: https://github.com/apereo/cas >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups >>>> "CAS Community" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an >>>> email to [email protected]. >>>> To view this discussion on the web visit https://groups.google.com/a/ap >>>> ereo.org/d/msgid/cas-user/CAJPPnqC6Rm3bQUNF%3DH-qunSb5VMNBG2 >>>> o4eWt%3D13NsejOJWBksg%40mail.gmail.com. >>>> >>>> >>>> >> -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAJPPnqBtEq5TALPmyZZPHJ0i9KUt3wtzSfJs7kbM2DuF6zzVoA%40mail.gmail.com.
