> We are running Debian Squeeze with Tomcat 6 just to use CAS and have
> discovered that since the latest Tomcat security upgrade, outgoing
> connections to our LDAP server, which is TLS-enabled, are failing.

Thanks for reporting this. I'm aware of some changes made to the Sun JSSE libraries with respect to TLS negotiation that attempt to mitigate fundamental weakness in protocol behavior exploited in BEAST and similar known plaintext attacks. I'm not aware of anything having changed in Tomcat per se that would cause problems. Do you have a specific change that you could cite that you suspect is the cause?

> Users get the error "CAS is Unavailable -- There was an error trying
> to complete your request. Please notify your support desk or try
> again." The ldap logs show a "tls negotiation error".

Could you perform an SSL trace on the CAS side and share the result? That would be very helpful in tracking down the exact cause.

M
