You're welcome and BTW, thanks for sharing the solution (which is not obvious) !
2013/10/24 Michael Kromarek <[email protected]> > Hi Jérôme, > > I figured out what was causing the problem. > > When I added -Djava.net.debug=ssl to the JAVA_OPTS variable in > /etc/default/tomcat7 and changed the logging level of org.jasig in the > log4j.xml file to debug I caught the following: > > http-apr-8443-exec-10, WRITE: TLSv1 Handshake, length = 177 > http-apr-8443-exec-10, WRITE: SSLv2 client hello message, length = 173 > http-apr-8443-exec-10, handling exception: java.net.SocketException: > Connection reset > http-apr-8443-exec-10, SEND TLSv1 ALERT: fatal, description = > unexpected_message > http-apr-8443-exec-10, WRITE: TLSv1 Alert, length = 2 > http-apr-8443-exec-10, Exception sending alert: java.net.SocketException: > Broken pipe > http-apr-8443-exec-10, called closeSocket() > 2013-10-23 14:54:12,680 ERROR [org.jasig.cas.client.util.CommonUtils] - > <Connection reset> > java.net.SocketException: Connection reset > > I wasn't sure why the connection was issuing a SSLv2 hello message, but > that is what was causing the problem. > > It turned out that even though I had configured Tomcat to only accept > TLSv1 and SSLv3, the JVM was accepting SSLv2. > > To fix the problem I added the following flag to my JAVA_OPTS variable > -Dhttps.protocols=TLSv1 > > Now I can access the services management portion and authenticate users > successfully. > > Thanks for all your help! > --Mike K. > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
