Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-05 Thread Sanaullah
Most of the people puking here regarding the tlsv1.1 and tlsv1.2 support in tomcat 7.0.47 or just trying themselves to look over smart. Hi Mudassir, By default there is no support for TLSv1.1 or TLSv1.2 in Tomcat 7.0.47. You have to apply these two patches in order to run TLSv1.1 and TLSv1.2

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-04 Thread Mudassir Aftab
[mailto:withmudas...@gmail.com] Subject: RE: TLS is not working in 6.0.37, 7.0.42, 7.0.47 Again, we have to submit this as a bug. TLS 1.2 is not working in Tomcat The only evidence you have provided is that your single chosen cipher is not implemented by the version of Firefox you're using - which

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-04 Thread Christopher Schultz
Mudassir, On 1/2/14, 7:41 PM, Mudassir Aftab wrote: Thanks for keep replying, is there any way to restrict the cipher suite in the connector configuration?

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-04 Thread Christopher Schultz
Chuck, On 1/3/14, 12:32 PM, Caldarale, Charles R wrote: From: Mudassir Aftab [mailto:withmudas...@gmail.com] Subject: Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47 Connector port=8443 protocol=org.apache.coyote.http11.Http11AprProtocol

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-04 Thread Christopher Schultz
Mudassir, On 1/3/14, 5:27 PM, Mudassir Aftab wrote: Again, we have to submit this as a bug. TLS 1.2 is not working in Tomcat Tomcat 7.0.74 Oracle Java 1.7.0_45 tcnative 1.1.29 trunk (essentially 1.2.29 tcnative$ make clean tcnative$

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-04 Thread Christopher Schultz
Mudassir, On 1/4/14, 4:08 PM, Christopher Schultz wrote: Mudassir, On 1/3/14, 5:27 PM, Mudassir Aftab wrote: Again, we have to submit this as a bug. TLS 1.2 is not working in Tomcat Tomcat 7.0.74 Oracle Java 1.7.0_45 tcnative 1.1.29

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-04 Thread Mark Eggers
On 1/4/2014 1:18 PM, Christopher Schultz wrote: Mudassir, On 1/4/14, 4:08 PM, Christopher Schultz wrote: Mudassir, On 1/3/14, 5:27 PM, Mudassir Aftab wrote: Again, we have to submit this as a bug. TLS 1.2 is not working in Tomcat Tomcat

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-04 Thread Christopher Schultz
Mark, On 1/4/14, 6:37 PM, Mark Eggers wrote: On 1/4/2014 1:18 PM, Christopher Schultz wrote: Mudassir, On 1/4/14, 4:08 PM, Christopher Schultz wrote: Mudassir, On 1/3/14, 5:27 PM, Mudassir

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-04 Thread Sanaullah
You can create the ECC self-signed certificates using the below two commands of OpenSSL: openssl ecparam -out sinful.key -name prime256v1 -genkey openssl req -x509 -new -key sinful.key -out sinful-ca.pem -outform PEM -days 3650 root@ubuntu:/# openssl s_client -connect localhost:8443

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-04 Thread Sanaullah
There is also a bug fixed for the support of TLS1.1 and TLS1.2 by Marcel Šebek. Maybe that needs to be applied: https://issues.apache.org/bugzilla/show_bug.cgi?id=53952#c1 On Sun, Jan 5, 2014 at 8:18 AM, Sanaullah sanaulla...@gmail.com wrote: you can create the ECC self-signed certificates using

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-04 Thread Terence M. Bandoian
On 1/4/2014 3:08 PM, Christopher Schultz wrote: Mudassir, On 1/3/14, 5:27 PM, Mudassir Aftab wrote: Again, we have to submit this as a bug. TLS 1.2 is not working in Tomcat Tomcat 7.0.74 Oracle Java 1.7.0_45 tcnative 1.1.29 trunk (essentially 1.2.29 tcnative$ make clean tcnative$

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-04 Thread Terence M. Bandoian
On 1/4/2014 3:08 PM, Christopher Schultz wrote: Mudassir, On 1/3/14, 5:27 PM, Mudassir Aftab wrote: Again, we have to submit this as a bug. TLS 1.2 is not working in Tomcat Tomcat 7.0.74 Oracle Java 1.7.0_45 tcnative 1.1.29 trunk (essentially 1.2.29 tcnative$ make clean tcnative$

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-03 Thread Mudassir Aftab
Hi, Sorry for asking u same thing again and again, i have tried many things from above document, but nothing works for me, also no errors in the log Connector port=8443 protocol=org.apache.coyote.http11.Http11AprProtocol maxThreads=200 clientAuth=false

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-03 Thread David kerber
On 1/3/2014 3:28 AM, Mudassir Aftab wrote: Hi, Sorry for asking u same thing again and again, i have tried many things from above document, but nothing works for me, also no errors in the log Connector port=8443 protocol=org.apache.coyote.http11.Http11AprProtocol maxThreads=200

Fwd: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-03 Thread Sanaullah
, 7.0.42, 7.0.47 To: Tomcat Users List users@tomcat.apache.org From: Mudassir Aftab [mailto:withmudas...@gmail.com] Subject: Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47 Should i use following APR connector attribute ? Connector port=8443 protocol

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-03 Thread Mudassir Aftab
HI, That was just typo error but on system it is fine and i am keep checking logs, no warning in it also what about following post I just also took interest to dig this issue. The Document which you were referring

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-03 Thread Mudassir Aftab
also following setting is working for TLS v1 but not with TLS v1.2, so its a bug !!! Connector port=8443 protocol=org.apache.coyote.http11.Http11AprProtocol maxThreads=200 clientAuth=false scheme=https secure=true SSLEnabled=true

RE: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-03 Thread Caldarale, Charles R
From: David kerber [mailto:dcker...@verizon.net] Subject: Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47 Sorry for asking u same thing again and again, i have tried many things from above document, but nothing works for me, also no errors in the log Connector port=8443 protocol

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-03 Thread Mudassir Aftab
then what could be the working config !!! , can u edit and send it to me ? Regards, Mudassir Aftab

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-03 Thread David kerber
On 1/3/2014 11:18 AM, Mudassir Aftab wrote: then what could be the working config !!! , can u edit and send it to me ? Regards, Mudassir Aftab Go back and read this thread carefully. There have been several errors pointed out to you which you haven't yet fixed. Fix them (proofreading

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-03 Thread Mudassir Aftab
*Connector Settings:* Connector port=8443 protocol=org.apache.coyote.http11.Http11AprProtocol maxThreads=200 clientAuth=false *SSLCipherSuite=ECDHE-ECDSA-AES128-SHA256* scheme=https secure=true SSLEnabled=true

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-03 Thread David kerber
On 1/3/2014 12:14 PM, Mudassir Aftab wrote: *Connector Settings:* Connector port=8443 protocol=org.apache.coyote.http11.Http11AprProtocol maxThreads=200 clientAuth=false *SSLCipherSuite=ECDHE-ECDSA-AES128-SHA256* Do you really have the asterisks around this

RE: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-03 Thread Caldarale, Charles R
From: Mudassir Aftab [mailto:withmudas...@gmail.com] Subject: Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47 Connector port=8443 protocol=org.apache.coyote.http11.Http11AprProtocol maxThreads=200 clientAuth=false *SSLCipherSuite=ECDHE-ECDSA-AES128-SHA256

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-03 Thread Mudassir Aftab
Hi, I just bold it from GMAIL :)

RE: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-03 Thread Caldarale, Charles R
From: Sanaullah [mailto:sanaulla...@gmail.com] Subject: Fwd: TLS is not working in 6.0.37, 7.0.42, 7.0.47 The Document which you were referring http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native, is clearly stated that only SSLv2, SSLv3, TLSv1 is support

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-03 Thread Mudassir Aftab
Hi, I am getting following error while compiling tomcat-native-1.1.29-src with 1.0.1e-3ubuntu1, shall I ignore this? src/sslcontext.c: In function 'Java_org_apache_tomcat_jni_SSLContext_make': src/sslcontext.c:77:17: warning: passing argument 1 of 'SSL_CTX_new' makes pointer from integer

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-03 Thread Mudassir Aftab
Hi , I have compiled tomcat-native-1.1.29-src.tar.gz with 1.0.1e-3ubuntu1 and test it with fresh apache-tomcat-7.0.47.tar.gz. and with following connector settings Connector port=8443 protocol=org.apache.coyote.http11.Http11AprProtocol maxThreads=200 clientAuth=false

RE: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-03 Thread Caldarale, Charles R
From: Mudassir Aftab [mailto:withmudas...@gmail.com] Subject: Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47 Also attached TCP dump logs Actually, you only attached the TCP headers, not the full capture. The headers can't tell us anything. I am again getting following error on FF26

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-03 Thread Mudassir Aftab
[mailto:withmudas...@gmail.com] Subject: Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47 Also attached TCP dump logs Actually, you only attached the TCP headers, not the full capture. The headers can't tell us anything. I am again getting following error on FF26 with TLS 1.2 support Cannot

RE: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-03 Thread Caldarale, Charles R
From: Mudassir Aftab [mailto:withmudas...@gmail.com] Subject: Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47 Did you get wireshark filtered output ? Everybody on this list is a volunteer, with their own real jobs to take care of. If you want immediate attention, you bloody well need

RE: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-03 Thread Mudassir Aftab
Again, we have to submit this as a bug. TLS 1.2 is not working in Tomcat On Jan 4, 2014 3:16 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Mudassir Aftab [mailto:withmudas...@gmail.com] Subject: Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47 Did you get wireshark

RE: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-03 Thread Caldarale, Charles R
From: Mudassir Aftab [mailto:withmudas...@gmail.com] Subject: RE: TLS is not working in 6.0.37, 7.0.42, 7.0.47 Again, we have to submit this as a bug. TLS 1.2 is not working in Tomcat The only evidence you have provided is that your single chosen cipher is not implemented by the version

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-03 Thread David Kerber
wrote: From: Mudassir Aftab [mailto:withmudas...@gmail.com] Subject: Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47 Did you get wireshark filtered output ? Everybody on this list is a volunteer, with their own real jobs to take care of. If you want immediate attention, you bloody well need

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-03 Thread Mark Eggers
On 1/3/2014 2:43 PM, Caldarale, Charles R wrote: From: Mudassir Aftab [mailto:withmudas...@gmail.com] Subject: RE: TLS is not working in 6.0.37, 7.0.42, 7.0.47 Again, we have to submit this as a bug. TLS 1.2 is not working in Tomcat The only evidence you have provided is that your single

TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-02 Thread Mudassir Aftab
I need TLSv1.2 support for tomcat, can any one help me by providing TLS v1.2 patch, also where should i actually apply the patch, in JDK / Tomcat / Tomcat Native ?? Also what will be the preferable connector settings ? I am using following connector in Apache Tomcat/7.0.42 Connector port=8443

RE: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-02 Thread Caldarale, Charles R
From: Mudassir Aftab [mailto:withmudas...@gmail.com] Subject: TLS is not working in 6.0.37, 7.0.42, 7.0.47 I need TLSv1.2 support for tomcat That's available by default with current OpenSSL versions. Also what will be the preferable connector settings ? Whatever you need them

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-02 Thread Mudassir Aftab
, Charles R chuck.caldar...@unisys.com wrote: From: Mudassir Aftab [mailto:withmudas...@gmail.com] Subject: TLS is not working in 6.0.37, 7.0.42, 7.0.47 I need TLSv1.2 support for tomcat That's available by default with current OpenSSL versions. Also what will be the preferable connector

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-02 Thread Mudassir Aftab
chuck.caldar...@unisys.com wrote: From: Mudassir Aftab [mailto:withmudas...@gmail.com] Subject: TLS is not working in 6.0.37, 7.0.42, 7.0.47 I need TLSv1.2 support for tomcat That's available by default with current OpenSSL versions. Also what will be the preferable connector settings

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-02 Thread Christopher Schultz
Mudassir, On 1/2/14, 7:21 PM, Mudassir Aftab wrote: Connector port=8443 protocol=HTTP/1.1 maxThreads=200 sslProtocol=TLSv1 sslEnabledProtocols=TLSv1.2 Setting sslProtocol and sslEnabledProtocols will not affect an OpenSSL-based connector

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-02 Thread Mudassir Aftab
I have just configured latest version , following is the log Jan 03, 2014 12:33:58 AM org.apache.catalina.core.AprLifecycleListener init INFO: Loaded APR based Apache Tomcat Native library 1.1.29 using APR version 1.5.0. Jan 03, 2014 12:33:58 AM org.apache.catalina.core.AprLifecycleListener init

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-02 Thread Mudassir Aftab
Thanks for keep replying, is there any way to restrict the cipher suite in the connector configuration?

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-02 Thread Mudassir Aftab
How can i test this ? can i test this with Firefox 25 ? Regards, Mudassir Aftab On Fri, Jan 3, 2014 at 5:41 AM, Mudassir Aftab withmudas...@gmail.com wrote: Thanks for keep replying, is there any way to restrict the cipher suite in the connector configuration?

RE: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-02 Thread Caldarale, Charles R
From: Mudassir Aftab [mailto:withmudas...@gmail.com] Subject: Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47 Don't top post - it makes it really hard to follow the conversation. is there any way to restrict the cipher suite in the connector configuration? You were already told how

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-02 Thread Mudassir Aftab
Also how can i restrict cipher in the connector ?? Testing localhost:8443 ** TLSv1:EXP-ADH-RC4-MD5 - ENABLED - WEAK 40 bits ** ** TLSv1:ADH-AES128-SHA - ENABLED - WEAK 128 bits ** ** TLSv1:EXP-ADH-DES-CBC-SHA - ENABLED - WEAK 40 bits ** ** TLSv1:ADH-AES256-SHA - ENABLED - WEAK 256 bits ** **

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-02 Thread Mudassir Aftab
How can i specify AES256-SHA256 cipher in tomcat connector? or where should i specify this ? Regards, Mudassir Aftab

Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-02 Thread Mudassir Aftab
Should i use following APR connector attribute ? Connector port=8443 protocol=org.apache.coyote.http11.Http11AprProtocol maxThreads=200 sslProtocol=TLSv1 sslEnabledProtocols=TLSv1.2 clientAuth=false ciphers=AES256-SHA256 scheme=https

RE: TLS is not working in 6.0.37, 7.0.42, 7.0.47

2014-01-02 Thread Caldarale, Charles R
From: Mudassir Aftab [mailto:withmudas...@gmail.com] Subject: Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47 Should i use following APR connector attribute ? Connector port=8443 protocol=org.apache.coyote.http11.Http11AprProtocol maxThreads=200