> I can login successfully to CAS, e.g. to: > http://portal.acmeinc.com/cas/services
You mentioned SSL configuration but the URL above is plain http. You should configure your servlet container to redirect requests for http to https. Not sure that will solve the problem, but your SSL trace suggests the container is confused about what protocol it is expecting. > http-bio-8443-Acceptor-0, setSoTimeout(60000) called > Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA > ... > TLSv1.1 > Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for > TLSv1.1 I'd be concerned about such a long list of unsupported ciphers. Have you installed the unlimited strength JCE policy files? Probably a good idea if your locale supports it. > Unrecognized SSL message, plaintext connection? > http-bio-8443-exec-1, SEND TLSv1 ALERT: fatal, description = > unexpected_message > http-bio-8443-exec-1, WRITE: TLSv1 Alert, length = 2 > http-bio-8443-exec-1, called closeSocket() > http-bio-8443-exec-1, IOException in getSession(): > javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection? The error above suggests you're attempting to speak plain HTTP to a port that's expecting HTTPS. You should doublecheck your servlet connector mappings and web.xml to ensure the proper protocol is going to the proper port. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
