Hello,

We are currently running two CAS servers in a primary/failover setup behind a Cisco ACE load balancer. Our networking department is upgrading to an F5 load balancer. During testing of CAS on the new F5 load balancer I am receiving the exception below during authentication. It has occurred on multiple applications, so I know it is not related to the application.

Our Setup:
CAS 3.5.3
JDK 1.7
Tomcat 7 (behind an Apache HTTP Server)

Is it possible I need to change the hash algorithm and/or cipher suites within my ssl.conf in Apache? I believe they have configured F5 to only allow TLS 1.2 connections.

java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at org.jasig.cas.client.validation.Saml11TicketValidator.retrieveResponseFromServer(Saml11TicketValidator.java:275)
    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:200)
    at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:206)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:161)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:957)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1079)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:620)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1282)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1257)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
    at org.jasig.cas.client.validation.Saml11TicketValidator.retrieveResponseFromServer(Saml11TicketValidator.java:259)
    ... 22 more
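
Added example, not part of the original post and not CAS project code: a small probe to run with the same JVM that hosts the CAS client application, since the trace shows the failing handshake is the outbound ticket-validation call. It lists the protocol versions that JVM enables by default and tries a handshake per version against a host given on the command line; the class name TlsProbe and the host argument (for instance the CAS address served by the F5) are assumptions.

```java
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added diagnostic (hypothetical class name), Java 7 compatible.
// Usage: java TlsProbe <host> [port]
public class TlsProbe {
    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: java TlsProbe <host> [port]");
            return;
        }
        String host = args[0];
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;

        // What this JVM offers in a ClientHello when nothing is overridden.
        SSLContext ctx = SSLContext.getDefault();
        SSLParameters defaults = ctx.getDefaultSSLParameters();
        SSLParameters supported = ctx.getSupportedSSLParameters();
        System.out.println("java.version       : " + System.getProperty("java.version"));
        System.out.println("enabled by default : " + Arrays.toString(defaults.getProtocols()));
        System.out.println("supported          : " + Arrays.toString(supported.getProtocols()));
        System.out.println("default ciphers    : " + defaults.getCipherSuites().length);

        SSLSocketFactory factory = ctx.getSocketFactory();
        // First with the default context settings, then with each version forced.
        probe(factory, host, port, null);
        for (String protocol : supported.getProtocols()) {
            // SSLv2Hello is a hello format, not a protocol version to negotiate.
            if (!protocol.equals("SSLv2Hello")) probe(factory, host, port, protocol);
        }
    }

    static void probe(SSLSocketFactory factory, String host, int port, String protocol) {
        String label = protocol == null ? "JVM defaults" : protocol;
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            socket.setSoTimeout(5000);
            if (protocol != null) socket.setEnabledProtocols(new String[] { protocol });
            socket.startHandshake();
            SSLSession s = socket.getSession();
            System.out.println(label + " -> OK " + s.getProtocol() + " / " + s.getCipherSuite());
        } catch (Exception e) {
            // Includes handshake_failure alerts and certificate-path errors.
            System.out.println(label + " -> FAILED " + e);
        }
    }
}
```

If the "JVM defaults" line fails while a forced version succeeds, the mismatch is in the client JVM's enabled protocols; if every version fails with handshake_failure, compare the JVM's cipher suites with those the load balancer accepts.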
