Re: SSL connect to APR fails - bad version

2011-11-09 Thread André Warnier
Kobe, nothing is wrong. It was just my lack of familiarity with the SSL client that was the cause of my puzzlement. Konstantin's answer already cleared that up for me. I was just wondering what you were trying to do, connecting to Tomcat with a command-line client, and you did not provide a

Re: SSL connect to APR fails - bad version

2011-11-08 Thread Kobe
Tomcat is also a servlet container and may be used to host web services. That is the case here. the web service client is hosted in a BEA weblogic server and attempts to connect to the web service over SSL. /Kobe awarnier wrote: Kobe wrote: I build tcnative and apr from src with exist ver

Re: SSL connect to APR fails - bad version

2011-11-08 Thread Kobe
Actually, whether it be webaccess or webservice access, i not follow your confusion. pleas explain why this is wrong. /Kobe Kobe wrote: Tomcat is also a servlet container and may be used to host web services. That is the case here. the web service client is hosted in a BEA weblogic server

Re: SSL connect to APR fails - bad version

2011-11-08 Thread Kobe
thank for your help. here is more info on my setup: tomcat version 6.0.29. And tomcat is startin clean; no ererors while loading. if I use tls1, I get same error as before (bad version). when i test with openssl s_client, I check line 293 of s3_pkt.c. it say -- if ((version8) !=

Re: SSL connect to APR fails - bad version

2011-11-08 Thread Kobe
many thanks again for your time and help. Problem is: same openssl version working on another server and successfuly setup SSLv3 connections with same client. So I am thinking, there is misconfigure on this server. i would like to find why this server respond with SSLv2 ClientHello instead of

Re: SSL connect to APR fails - bad version

2011-11-08 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kobe, On 11/8/11 2:01 PM, Kobe wrote: thank for your help. here is more info on my setup: tomcat version 6.0.29. And tomcat is startin clean; no ererors while loading. if I use tls1, I get same error as before (bad version). when i test with

Re: SSL connect to APR fails - bad version

2011-11-08 Thread Kobe
thank you Chris. I know the server (APR) is sending SSLv2 ClientHello because ssl debugs show it: // from ${CATALINA_HOME}/bin/setenv.sh: export JAVA_OPTS=... -Djavax.net.debug=ssl //... # sh ${CATALINA_HOME}/bin/startup.sh // from client $ openssl s_client -connect

RE: SSL connect to APR fails - bad version

2011-11-08 Thread Adamus, Steven J.
@tomcat.apache.org Subject: Re: SSL connect to APR fails - bad version thank you Chris. I know the server (APR) is sending SSLv2 ClientHello because ssl debugs show it: // from ${CATALINA_HOME}/bin/setenv.sh: export JAVA_OPTS=... -Djavax.net.debug=ssl //... # sh ${CATALINA_HOME}/bin

Re: SSL connect to APR fails - bad version

2011-11-07 Thread Marvin Addison
The following works as expected on my config (6.0.26) using the default protocols and cipher suite as in your config: $ openssl s_client -connect eiger:443 -debug -ssl3 CONNECTED(0003) ... Something in your SSL version jumped out at me: OpenSSL 0.9.8e-fips-rhel5 Looks like you're running

Re: SSL connect to APR fails - bad version

2011-11-06 Thread André Warnier
Kobe wrote: I build tcnative and apr from src with exist ver of openssl (means openssl not build my me). I load apr connector in tomcat as below. when my client connect, I cannot connect: i get bad version. please explain what I do wrong? server# ./apr-1-config --version 1.4.5 server#

Re: SSL connect to APR fails - bad version

2011-11-06 Thread Konstantin Kolinko
2011/11/6 Kobe r...@mailcity.com: I build tcnative and apr from src with exist ver of openssl (means openssl not build my me). I load apr connector in tomcat as below. when my client connect, I cannot connect: i get bad version. please explain what I do wrong? server# ./apr-1-config