Hi Jérôme, I figured out what was causing the problem.
When I added -Djava.net.debug=ssl to the JAVA_OPTS variable in /etc/default/tomcat7 and changed the logging level of org.jasig in the log4j.xml file to debug, I caught the following:

    http-apr-8443-exec-10, WRITE: TLSv1 Handshake, length = 177
    http-apr-8443-exec-10, WRITE: SSLv2 client hello message, length = 173
    http-apr-8443-exec-10, handling exception: java.net.SocketException: Connection reset
    http-apr-8443-exec-10, SEND TLSv1 ALERT: fatal, description = unexpected_message
    http-apr-8443-exec-10, WRITE: TLSv1 Alert, length = 2
    http-apr-8443-exec-10, Exception sending alert: java.net.SocketException: Broken pipe
    http-apr-8443-exec-10, called closeSocket()
    2013-10-23 14:54:12,680 ERROR [org.jasig.cas.client.util.CommonUtils] - <Connection reset>
    java.net.SocketException: Connection reset

I wasn't sure why the connection was issuing an SSLv2 hello message, but that is what was causing the problem. It turned out that even though I had configured Tomcat to only accept TLSv1 and SSLv3, the JVM was accepting SSLv2. To fix the problem I added the following flag to my JAVA_OPTS variable:

    -Dhttps.protocols=TLSv1

Now I can access the services management portion and authenticate users successfully.

Thanks for all your help!

--Mike K.
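
Added example, not part of the message above and not CAS or Tomcat code: the "SSLv2 client hello message" and "TLSv1 Handshake" named in the debug log are two different wire formats, distinguishable from the first bytes a client sends, so a packet capture can confirm which one a JVM is emitting before and after a protocol setting is changed. The function name and both sample byte strings are constructed for illustration.

```python
import struct

# Version bytes carried inside the hello -> protocol the client asks for.
VERSIONS = {(0, 2): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLSv1",
            (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}

def classify_client_hello(data: bytes) -> dict:
    """Classify the first bytes a client sends to a TLS port (hypothetical helper)."""
    if len(data) < 5:
        return {"format": "unknown", "reason": "fewer than 5 bytes"}
    # SSLv3/TLS record: type(1)=22, version(2), length(2), then
    # handshake type(1)=1 ClientHello, length(3), client_version(2).
    if data[0] == 22 and data[1] == 3:
        if len(data) < 11 or data[5] != 1:
            return {"format": "unknown", "reason": "handshake record without ClientHello"}
        (rec_len,) = struct.unpack(">H", data[3:5])
        return {"format": "TLS record", "record_length": rec_len,
                "requested": VERSIONS.get((data[9], data[10]), "unknown")}
    # SSLv2-format hello: 2-byte header with the high bit set and a 15-bit
    # length, then msg type(1)=1 CLIENT-HELLO and version(2). A client can
    # use this framing while still requesting SSLv3 or TLSv1.
    if data[0] & 0x80 and data[2] == 1:
        rec_len = ((data[0] & 0x7F) << 8) | data[1]
        return {"format": "SSLv2 hello", "record_length": rec_len,
                "requested": VERSIONS.get((data[3], data[4]), "unknown")}
    return {"format": "unknown", "reason": "not a recognised hello"}

def sample_v2_hello() -> bytes:
    """Constructed SSLv2-format hello requesting TLSv1 (one cipher spec)."""
    body = (b"\x01\x03\x01" + struct.pack(">HHH", 3, 0, 16)
            + b"\x00\x00\x2f" + bytes(16))          # cipher spec + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body

def sample_tls_hello() -> bytes:
    """Constructed TLSv1 record carrying a minimal ClientHello."""
    hello = (b"\x03\x01" + bytes(32) + b"\x00"        # version, random, no session id
             + b"\x00\x02\x00\x2f" + b"\x01\x00")     # one cipher suite, null compression
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake

if __name__ == "__main__":
    for name, raw in (("v2-format", sample_v2_hello()), ("tls", sample_tls_hello())):
        print(name, classify_client_hello(raw))
```
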
