> Date: Fri, 20 Dec 2013 14:06:30 -0500 > From: ch...@christopherschultz.net > To: users@tomcat.apache.org > Subject: Re: ssl_error_internal_error_alert in tomcat 7 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Jaya, > > On 12/20/13, 10:52 AM, jaya ravindran wrote: > >> No client certificate CA names sent --- SSL handshake has read > >> 1166 bytes and written 303 bytes --- New, TLSv1/SSLv3, Cipher is > >> EDH-RSA-DES-CBC3-SHA Server public key is 1023 bit Secure > >> Renegotiation IS supported SSL-Session: Protocol : TLSv1 Cipher > >> : EDH-RSA-DES-CBC3-SHA Session-ID: > >> 52B463FFE2D5638DE0E2AE86EE9AFB0DBD6F6DB4E042C411148491D76D8A4B09 > >> Session-ID-ctx: Master-Key: > >> 4AE6604C872A681708E872C970E4D3BADCE22701A2BE5E43110D0F99C86CA6A04313B3381E914A9BA460849C2C60C7F8 > >> > >> > Key-Arg : None > >> Start Time: 1387553791 Timeout : 300 (sec) Verify return code: > >> 18 (self signed certificate) --- closed That means server can do > >> TLSv1. Then why can't it connect with TLS protocol on browsers. > > > Well, did *did* explicitly disable TLS on your web browser, so maybe > that's why. > I can get TLS1.0 connection to some other sites. > What if you use "openssl s_client -ssl3"? Tried with -ssl3. Got back the following SSL handshake has read 3426 bytes and written 284 bytes --- New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA Server public key is 1024 bit Secure Renegotiation IS supported SSL-Session: Protocol : SSLv3 Cipher : EDH-RSA-DES-CBC3-SHA Session-ID: 52B4960B812952824F26DCA6DB67455143F624E615D1CAADA39E2831676944C7 Session-ID-ctx: Master-Key: A871539A23FD30DB1336B8B95AF50026DEDC0ADA79B80706E9B8CAA5E59E90AFAA2BEC8FA60FCCF32C0415EEA4D6F21B Key-Arg : None Start Time: 1387566603 Timeout : 7200 (sec) Verify return code: 19 (self signed certificate in certificate chain)
> > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJStJUzAAoJEBzwKT+lPKRYNs8P/134CDbGmyX+w4LTpxEO+bG+ > QmcnQgiOCz67vv4uoALNsBHDs04fqUDJVt0t4iVh4qUwzieeI0vyiTo8Gki1Aggb > Qm4Y6SLrtuAXyo/bTecFIJjXd6CVmzBuRHyVus/yuIeCUlyIvmXDuBq/QKtw3Txp > w8IFNsGTWhzxkYZpLkKGKOkbWWHKRlKQdOxd91EWBY92R7cmfWVI5H5NGyCVCYLZ > TVhaoL3F+oT+abvLwHoMpOs+Rei6iuVXnpyDa8mXPs1Ci5mB3jvVlN8G313rqCV/ > Xf3zicvSwyNzSBTAridl3si8mWXXWyN4LerDxc/+EOumakXb6M2okyGBIT9BJdhA > 29H7DgfTYwjtmRhxIO2f6x/wcX74otZ/3tR2l64vAP1ZLCgzdHa+bTfmskDpBNSl > 1trdUs9t/nUpCROjFPJUAzmwgYlxUIGX6Gyyy7akQEKd1X47AC2LESBr/nOZc/rT > xqv2S6z45dj9KwcPaxK4eSmg01Qf+J4l0a9bqR3WpnXp5U5q9vn+yeKFpLRnsBSg > a5GTZuBgg9x+GJ5xv3ukBeJs5bI8Fa96BwrJd7ZHLCkYuKR+k5J/9jYBSZhUdyzP > 4/IFkpag+oAN1U9exhd5ispZBI5xbZVp6Naoekov6VUX67DW0NV7B2Ou5T+vmLoL > ntnFhOgqN6LgHejUjd+R > =ZFBX > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org >