> Date: Fri, 20 Dec 2013 14:43:30 -0500
> From: ch...@christopherschultz.net
> To: users@tomcat.apache.org
> Subject: Re: ssl_error_internal_error_alert in tomcat 7
> 
> Thanks for the suggestions!!
> Jaya,
> 
> On 12/20/13, 2:13 PM, jaya ravindran wrote:
> >> Tried with -ssl3. Got back the following SSL handshake has read
> >> 3426 bytes and written 284 bytes --- New, TLSv1/SSLv3, Cipher is
> >> EDH-RSA-DES-CBC3-SHA Server public key is 1024 bit
> 
> You really need to increase the size of your public key. 1024 bits is
> considered dangerous these days. Recently, Microsoft Windows
> (finally!) issued an update that requires all SSL/TLS connections to
> have >1024 bit key sizes. Any chance you're being bitten by that?

> These days, I wouldn't use anything less than a 4096-bit server key.
> Can you re-create your key, cert, etc.? The output of s_client shows
> you have a self-signed certificate so you shouldn't have any problem
> doing that. Perhaps it will fix everything. (?)

Changed key size is not fixing the problem. I
> 
> >> Secure Renegotiation IS supported SSL-Session: Protocol  : SSLv3 
> >> Cipher    : EDH-RSA-DES-CBC3-SHA Session-ID:
> >> 52B4960B812952824F26DCA6DB67455143F624E615D1CAADA39E2831676944C7 
> >> Session-ID-ctx: Master-Key:
> >> A871539A23FD30DB1336B8B95AF50026DEDC0ADA79B80706E9B8CAA5E59E90AFAA2BEC8FA60FCCF32C0415EEA4D6F21B
> >> Key-Arg   : None
> >> Start Time: 1387566603 Timeout   : 7200 (sec) Verify return code:
> >> 19 (self signed certificate in certificate chain)
> 
> The "verify return code" is different -- not sure what the difference
> between 18 and 19 is -- but otherwise things look okay to me.
> 
> Is the site public? If so, can you email me the URL privately and I
> can take a look?

Not a public site. 
> 
> -chris
> 
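Added example, not part of the original messages and not code from Tomcat or OpenSSL: a small Python parser for the `openssl s_client` summary quoted above. It tolerates mail quoting and re-wrapped lines, and reports the key size and the meaning of verify return codes 18 and 19. The function names and the sample text are constructed for illustration; the 1024-bit threshold is the one mentioned in the thread.

```python
import re

# OpenSSL verify codes discussed in the thread (X509_V_ERR_* values).
VERIFY_CODES = {
    18: "the server certificate is itself self-signed and not in the trust store",
    19: "a chain was built, but its self-signed root is not in the trust store",
}

FIELDS = {
    "key_bits": r"Server public key is (\d+) bit",
    "protocol": r"Protocol\s*:\s*(\S+)",
    "cipher": r"Cipher\s*:\s*(\S+)",
    "verify_code": r"Verify return code:\s*(\d+)",
}

def parse_s_client(text):
    """Extract summary fields, tolerating mail quoting and re-wrapped lines."""
    unquoted = re.sub(r"^[>\s]+", "", text, flags=re.M)  # drop "> >> " prefixes
    flat = " ".join(unquoted.split())                    # undo line wrapping
    info = {}
    for name, pattern in FIELDS.items():
        match = re.search(pattern, flat)
        if match:
            value = match.group(1)
            info[name] = int(value) if value.isdigit() else value
    return info

def findings(info, weak_at_or_below=1024):
    """Return remarks; the default threshold is the 1024 bits named in the thread."""
    remarks = []
    bits = info.get("key_bits")
    if bits is not None and bits <= weak_at_or_below:
        remarks.append(f"server public key is only {bits} bit")
    code = info.get("verify_code")
    if code:  # 0 means verification succeeded
        meaning = VERIFY_CODES.get(code, "code not listed in this example")
        remarks.append(f"verify return code {code}: {meaning}")
    return remarks

# Constructed sample: summary lines as a mail client quoted and re-wrapped them.
SAMPLE = """\
>> New, TLSv1/SSLv3, Cipher is
>> EDH-RSA-DES-CBC3-SHA Server public key is 1024 bit
>> SSL-Session: Protocol  : SSLv3 Cipher    : EDH-RSA-DES-CBC3-SHA
>> Timeout   : 7200 (sec) Verify return code:
>> 19 (self signed certificate in certificate chain)
"""

if __name__ == "__main__":
    print(parse_s_client(SAMPLE), *findings(parse_s_client(SAMPLE)), sep="\n")
```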