Hi, The first request after the Server is started gets rejected. I am setting my connector as follows:
IntrospectionUtils.setProperty( this, "sslProtocol", "TLS" ); IntrospectionUtils.setProperty( this, "keystore", keyStoreFile ); IntrospectionUtils.setProperty( this, "keypass", keyStorePassword ); IntrospectionUtils.setProperty( this, "SSLEnabled", "true" ); IntrospectionUtils.setProperty( this, "ciphers", cipherSet ); This is my connector configuration. I am now setting cipher,as you can see. And it is selecting the specified cipher,so that way I can limit the cipher sets to be selected by Server. On Wednesday, 9 October 2013 5:45 PM, Christopher Schultz <ch...@christopherschultz.net> wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Chirag, On 10/8/13 9:48 PM, Chirag Dewan wrote: > For this particular cipher, the server sends a RST to the client > after the certificate exchange is done. And the handshaking > fails,for the first time only. Second request onwards handshaking > happens and the traffic flows as usual. > > What I understand is,I can provide a set of ciphers to the > connector and the client will select from that particular set and > can thus avoid the particular cipher. Technically speaking, the server selects the cipher given the list sent by the client and any restrictions the server has (e.g. using the "ciphers" list from your connector). It's very strange that the server would be selecting that (evidently missing) cipher in the first place (then failing) and then choosing it /again/ and succeeding. I must be missing something. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSVUi4AAoJEBzwKT+lPKRYvn4P/AlheFMNQ/6b+tydwX6/YzlQ gbI20pnDMZV2+03lQB/3ACLNmWWkS4NbjW/6FeYfaN8yEZFMP0EwvnTkVye9VMaG RlGpgNjOsANruNrtmDT/frAIGjLQxQM+f+4Bjc+TGBSNAnjeoDnintDhEAcXHtpp NaL2H2IJMtXJrGBhfZ3z0xu1gYLY6+SCuSeilahl6uvMS1PU0s5KT0Nm3D8xIkeC L48yU+y0kVV9Ok2gojNPxCxKt6EJP+/WrR37q+H7LFCsfESKG8yYK72tBU0ex6Z2 mUinqnYcbLXTGrtWzuFJUGMUyJWpLeuZJii5McBtwqudOnbFWo8hbXPKj2IfEMMT FuSBJgLyVXAoZ51SrRYCOjYMy3tH2kB4FgHc43GWlxwznrHVgTeOUe5OQRiFpfa5 BDKCtEQF/xHUp9zE2BKpvieR1lCxUc+8zgJvThvFElGkvdenK0kgE1RgsgEf9cTv cgyr+PM6T8Yp99ngj69kfqvTt8tNfg8UUZVzHmUPj4zMEII9uKRElk26g31yiRf7 2FXguR1ANn2cbn6mDQvrE48LjfQ6Zupr6XWUXSBffenI3yyJdeueRc0BvrY4LUYH Yn2OVjd0NnITmqfDje03cDxtosGJTESUc+LtBK4eJUYftkSgGMxZmKE0tM+QucVM k0EQUBpo4cU/QqFZ6lyU =3uiN -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
