Re: installing certificates

2017-10-11 Thread Adam Pease
Hi Chris and all, I was able to get my system running based on the instructions at https://community.letsencrypt.org/t/configuring-lets-encrypt-with-tomcat-6-x-and-7-x/32416 . I clarified them a little and put them into the context of installing my open source project at

Re: FW: [error] SSL0266E: Handshake Failed, Could not establish SSL proxy connection

2017-10-11 Thread Igor Cicimov
On Thu, Oct 12, 2017 at 9:17 AM, Igor Cicimov wrote: > On 12 Oct 2017 8:25 am, "Gali, Vamsi A" > wrote: > > The debug log produced following & it's evident that handshake is failing > due to no ciphers suites in common. > > Allow unsafe

RE: FW: [error] SSL0266E: Handshake Failed, Could not establish SSL proxy connection

2017-10-11 Thread Igor Cicimov
On 12 Oct 2017 8:25 am, "Gali, Vamsi A" wrote: The debug log produced following & it's evident that handshake is failing due to no ciphers suites in common. Allow unsafe renegotiation: false Allow legacy hello messages: true Is initial handshake: true Is secure

RE: FW: [error] SSL0266E: Handshake Failed, Could not establish SSL proxy connection

2017-10-11 Thread Gali, Vamsi A
The debug log produced following & it's evident that handshake is failing due to no ciphers suites in common. Allow unsafe renegotiation: false Allow legacy hello messages: true Is initial handshake: true Is secure renegotiation: false http-bio--Acceptor-0, setSoTimeout(6) called

tomcat 8.5.23 dbcp not honoring autocommit = false?

2017-10-11 Thread Chris Cheshire
Working on a migration from 7 to 8.5, and in it I am now using the tomcat dbcp, instead of apache commons dbcp. I have found that with no other changes to the db code (except the factory param for the resource), it is working fine other than there is an implicit commit happening when I close a

Re: Enforcing server preference for cipher suites

2017-10-11 Thread Harish Krishnan
Thanks for the response, Konstantin. If debugging the tomcat code is the only option, then I will plan to do it sometime soon as it is bit additional work for me. We just use the tomcat binaries In our application. Meanwhile, if anybody have any other suggestions, that is greatly appreciated.

RE: FW: [error] SSL0266E: Handshake Failed, Could not establish SSL proxy connection

2017-10-11 Thread Gali, Vamsi A
I see what Igor has suggested and I will be reproducing the issue by adding '-Djavax.net.debug=ssl' to setenv.sh's JAVA_OPTS. Thank you! Thank you, Vamsi Gali -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Wednesday, October 11, 2017 10:44 AM To:

Re: FW: [error] SSL0266E: Handshake Failed, Could not establish SSL proxy connection

2017-10-11 Thread Mark Thomas
On 11/10/2017 14:05, Gali, Vamsi A wrote: > Igor, > > Thank you for the response! > > Since the request is failing at SSL handshake, Tomcat doesn’t even record > anything not even the access log. I tried enabling debug at tomcat but > nothing is captured during the request initiation. Re-read

RE: FW: [error] SSL0266E: Handshake Failed, Could not establish SSL proxy connection

2017-10-11 Thread Gali, Vamsi A
Yes, Siva. Both IHS & Tomcat keystores are added with correct CA certs. Webserver Config: Include "rewrites.conf" SSLEnable Include "cipher.conf" Keyfile Key-File # tomcat balancer and proxy section ProxyRequests Off SSLProxyEngine on

Re: FW: [error] SSL0266E: Handshake Failed, Could not establish SSL proxy connection

2017-10-11 Thread shivashankar manukondu
Hi, Can you post the web and tomcat servers configuration files. I hope you have added CA root certificate to the backend truststore? Regards, Siva On Wed, Oct 11, 2017 at 3:05 PM, Gali, Vamsi A < vamsi_a_g...@keybank.com.invalid> wrote: > Igor, > > Thank you for the response! > > Since the

RE: Tomcat SSL issue

2017-10-11 Thread Terence M. Bandoian
On 10/10/2017 9:45 AM, John Ellis wrote: John Ellis 405.285.2500 office http://biz-e.io -Original Message- From: Terence M. Bandoian [mailto:tere...@tmbsw.com] Sent: Monday, October 9, 2017 4:49 PM To: Tomcat Users List Subject: Re: Tomcat SSL

RE: FW: [error] SSL0266E: Handshake Failed, Could not establish SSL proxy connection

2017-10-11 Thread Gali, Vamsi A
Igor, Thank you for the response! Since the request is failing at SSL handshake, Tomcat doesn’t even record anything not even the access log. I tried enabling debug at tomcat but nothing is captured during the request initiation. Thank you, Vamsi Gali -Original Message- From: Igor

Basic question related to NIO connector and Async servlet processing

2017-10-11 Thread Saurav Sarkar
Hi All, I have got a basic question related to usage of Async servlet with tomcat NIO connector. I want to use Async servlet with Non Block I/O as per servlet spec

Re: BREAKTHROUGH (but not solved) Re: Problem: (GSKit) No compatible cipher suite available between SSL end points.

2017-10-11 Thread Terence M. Bandoian
On 10/10/2017 1:20 AM, Peter Kreuser wrote: Christopher, A good read on the appropriate (openssl) cipher string that I use can be found here: https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ Hynek explains the whys and don'ts and updates the string on a regular basis! HTH

Re: FW: [error] SSL0266E: Handshake Failed, Could not establish SSL proxy connection

2017-10-11 Thread Igor Cicimov
On 11 Oct 2017 1:50 am, "Gali, Vamsi A" wrote: Hello, Any help is appreciated on this issue. Thank you, Vamsi Gali -Original Message- From: Gali, Vamsi A Sent: Thursday, October 05, 2017 12:03 PM To: 'Tomcat Users List' Subject: RE: [error] SSL0266E: