It would be useful to know how Tomcat is configured and have an easier
reproducer, especially since there's at least a 50% chance the issue is on
its side.

** Changed in: openssl (Ubuntu)
       Status: New => Invalid

** Changed in: openssl (Ubuntu)
       Status: Invalid => Incomplete

https://bugs.launchpad.net/bugs/1677502

Title:
  openssl issue in ARM linux

Status in openssl package in Ubuntu:
  Incomplete

Bug description:
  Hello,
  I need to use tomcat7 (secure connection, https) on a Raspberry Pi. When I try to connect using OpenSSL, I get this error (http works):

  1995663600:error:1006706B:elliptic curve routines:ec_GFp_simple_oct2point:point is not on curve:ecp_oct.c:417:
  1995663600:error:1408D132:SSL routines:ssl3_get_key_exchange:bad ecpoint:s3_clnt.c:1875:

  .... CERT INFO ....

  No client certificate CA names sent
  ---
  SSL handshake has read 1316 bytes and written 7 bytes
  ---
  New, (NONE), Cipher is (NONE)
  Server public key is 2048 bit
  Secure Renegotiation IS supported
  Compression: NONE
  Expansion: NONE
  No ALPN negotiated
  SSL-Session:
      Protocol  : TLSv1.2
      Cipher    : 0000
      Session-ID: 58DCAFCE36E7037B17C1B489D7D556EDA35EDCD2169BD0E0270CD93AC92DEB5A
      Session-ID-ctx:
      Master-Key:
      Key-Arg   : None
      PSK identity: None
      PSK identity hint: None
      SRP username: None
      Start Time: 1490857908
      Timeout   : 300 (sec)
      Verify return code: 18 (self signed certificate)

  I'm using ubuntu xenial:

  rasp@rasp-desktop:~$ uname -a
  Linux rasp-desktop 4.4.38-v7+ #938 SMP Thu Dec 15 15:22:21 GMT 2016 armv7l armv7l armv7l GNU/Linux

  rasp@rasp-desktop:~$ lsb_release -a
  No LSB modules are available.
  Distributor ID: Ubuntu
  Description:    Ubuntu 16.04.2 LTS
  Release:        16.04
  Codename:       xenial

  I did the same test both on the Raspberry Pi and on other x86 platforms.
  I have the issue only on the Raspberry Pi.

  Openssl version:
  rasp@rasp-desktop:~$ apt-cache policy openssl
  openssl:
    Installato: 1.0.2g-1ubuntu4.6
    Candidato:  1.0.2g-1ubuntu4.6
    Tabella versione:
   *** 1.0.2g-1ubuntu4.6 500
          500 http://ports.ubuntu.com xenial-updates/main armhf Packages
          500 http://ports.ubuntu.com xenial-security/main armhf Packages
          100 /var/lib/dpkg/status
       1.0.2g-1ubuntu4 500
          500 http://ports.ubuntu.com xenial/main armhf Packages

  tomcat7 version:
  rasp@rasp-desktop:~$ apt-cache policy tomcat7
  tomcat7:
    Installato: 7.0.68-1ubuntu0.1
    Candidato:  7.0.68-1ubuntu0.1
    Tabella versione:
   *** 7.0.68-1ubuntu0.1 500
          500 http://ports.ubuntu.com xenial-updates/universe armhf Packages
          500 http://ports.ubuntu.com xenial-security/universe armhf Packages
          100 /var/lib/dpkg/status
       7.0.68-1 500
          500 http://ports.ubuntu.com xenial/universe armhf Packages

  Java version:
  rasp@rasp-desktop:~$ java -version
  openjdk version "1.8.0_121"
  OpenJDK Runtime Environment (build 1.8.0_121-8u121-b13-0ubuntu1.16.04.2-b13)
  OpenJDK Zero VM (build 25.121-b13, interpreted mode)

  I have the problem only with the secure connection:
  rasp@rasp-desktop:/var/lib/tomcat7/logs$ curl http://localhost:8080/rest/services/hello
  Hello World!!!
  rasp@rasp-desktop:/var/lib/tomcat7/logs$ curl https://localhost:8443/rest/services/hello
  curl: (35) gnutls_handshake() failed: The request is invalid.

  rasp@rasp-desktop:/var/lib/tomcat7/logs$ wget https://localhost:8443/rest/services/hello
  --2017-03-30 09:40:07--  https://localhost:8443/rest/services/hello
  Resolving localhost (localhost)... 127.0.0.1
  Connecting to localhost (localhost)|127.0.0.1|:8443... connected.
  OpenSSL: error:1006706B:elliptic curve routines:ec_GFp_simple_oct2point:point is not on curve
  OpenSSL: error:1408D132:SSL routines:ssl3_get_key_exchange:bad ecpoint
  Unable to establish SSL connection.
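
For triage, the check that "point is not on curve" refers to is sketched below as an added example; it is not part of the bug report and not OpenSSL's code. It decodes an uncompressed EC point, such as the server's ephemeral ECDHE key read during the key exchange, and tests the curve equation. NIST P-256 is an assumption (the report does not name the curve), and the sample points are constructed.

```python
# Added example: the validation behind "point is not on curve", in pure Python.
# Assumption: NIST P-256 (secp256r1); the bug report does not say which curve was negotiated.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1   # field prime
A = P - 3                                  # curve coefficient a
B = 0x5ac635d8_aa3a93e7_b3ebbd55_769886bc_651d06b0_cc53b0f6_3bce3c3e_27d2604b
GX = 0x6b17d1f2_e12c4247_f8bce6e5_63a440f2_77037d81_2deb33a0_f4a13945_d898c296
GY = 0x4fe342e2_fe1a7f9b_8ee7eb4a_7c0f9e16_2bce3357_6b315ece_cbb64068_37bf51f5
FIELD_LEN = 32                             # bytes per coordinate


def decode_uncompressed_point(octets: bytes):
    """Decode 0x04 || X || Y and return (x, y); raise ValueError if invalid."""
    if len(octets) != 1 + 2 * FIELD_LEN:
        raise ValueError("invalid encoding: wrong length")
    if octets[0] != 0x04:
        raise ValueError("invalid encoding: not an uncompressed point")
    x = int.from_bytes(octets[1:1 + FIELD_LEN], "big")
    y = int.from_bytes(octets[1 + FIELD_LEN:], "big")
    if x >= P or y >= P:
        raise ValueError("invalid encoding: coordinate out of range")
    # Curve equation: y^2 = x^3 + a*x + b (mod p)
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        raise ValueError("point is not on curve")
    return x, y


def encode_point(x: int, y: int) -> bytes:
    """Encode (x, y) in uncompressed form."""
    return b"\x04" + x.to_bytes(FIELD_LEN, "big") + y.to_bytes(FIELD_LEN, "big")


def check(octets: bytes) -> str:
    """Return 'ok' or the reason the point was rejected."""
    try:
        decode_uncompressed_point(octets)
        return "ok"
    except ValueError as exc:
        return str(exc)


# Constructed samples: the curve's base point, and the same bytes with one bit of Y flipped.
GOOD = encode_point(GX, GY)
CORRUPT = GOOD[:-1] + bytes([GOOD[-1] ^ 0x01])

if __name__ == "__main__":
    print("base point:", check(GOOD))
    print("one bit flipped:", check(CORRUPT))
```

A single wrong bit in either coordinate is enough to fail the equation, so the same error appears whether the sender computed the point incorrectly or encoded it incorrectly.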
