I have also tried to apply the following patch in tomcat native but it did not help.
https://issues.apache.org/bugzilla/attachment.cgi?id=30150
tomcat-native-1.1.29-src.tar.gz

On Fri, Jan 3, 2014 at 5:21 AM, Mudassir Aftab <withmudas...@gmail.com> wrote:

> Hi,
>
> Thanks for the reply,
>
> I am using the following environment:
>
> Description: Ubuntu 12.04.3 LTS
> javac 1.7.0_45
> apache-tomcat-7.0.42.tar.gz
> apr-1.5.0.tar.gz
> tomcat-native-1.1.29-src.tar.gz
> openssl 1.0.1-4ubuntu5.10
>
> and this is how I am configuring Tomcat Native:
>
> ./configure --with-apr=/usr/local/apr/bin/apr-1-config
> --with-java-home=$JAVA_HOME --with-ssl=yes --prefix=$CATALINA_HOME
>
> export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/opt/tomcat7/lib"
>
> Server.xml:
>
> <Connector port="8443" protocol="HTTP/1.1"
> maxThreads="200"
> sslProtocol="TLSv1" sslEnabledProtocols="TLSv1.2"
> clientAuth="false"
>
> scheme="https" secure="true" SSLEnabled="true"
> SSLCertificateFile="/home/mudassir/cert.pem"
> SSLCertificateKeyFile="/home/mudassir/cert-key.pem"
> SSLCACertificateFile="/home/mudassir/CA.pem" />
>
> Regards,
> Mudassir Aftab
>
> On Fri, Jan 3, 2014 at 2:28 AM, Caldarale, Charles R <
> chuck.caldar...@unisys.com> wrote:
>
>> > From: Mudassir Aftab [mailto:withmudas...@gmail.com]
>> > Subject: TLS is not working in 6.0.37, 7.0.42, 7.0.47
>>
>> > I need TLSv1.2 support for tomcat
>>
>> That's available by default with current OpenSSL versions.
>>
>> > Also what will be the preferable connector settings ?
>>
>> Whatever you need them to be. The values depend entirely on your
>> applications and environment.
>>
>> > I am using the following connector in Apache Tomcat/7.0.42
>> > <Connector port="8443"
>> . . .
>> > sslEnabledProtocols="TLSv1.2"
>>
>> The above attribute is for the BIO and NIO connectors, not the APR one
>> you are using. You should instead specify:
>> SSLProtocol="TLSv1"
>> if you want to eliminate SSLv3 (but your client might not like that).
>> You can also set SSLCipherSuite to avoid enabling insecure encryption
>> mechanisms (see
>> http://en.wikipedia.org/wiki/Transport_Layer_Security#Cipher).
>>
>> > An error occurred during a connection to confidential.com:8443. Cannot
>> > communicate securely with peer: no common encryption algorithm(s).
>>
>> This means the client you're using and your build of OpenSSL have nothing
>> in common. Use Wireshark or tcpdump and determine just which protocols
>> your client is attempting to negotiate with, and ensure that those are
>> enabled in your build of OpenSSL.
>>
>> - Chuck
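
An added example, not part of the thread and not Tomcat's own code: a small Python check that flags the attribute mix-up Chuck describes, run against a constructed server.xml modelled on the quoted Connector. The grouping of attribute names into JSSE-only and APR-style sets is this example's assumption and is not exhaustive; `lint_connectors` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Attribute names as they appear in the thread. Grouping them into JSSE-only
# and APR-style sets is this example's assumption, not a complete list.
JSSE_ONLY = {"sslEnabledProtocols", "sslProtocol"}
APR_STYLE = {"SSLProtocol", "SSLCipherSuite", "SSLCertificateFile",
             "SSLCertificateKeyFile", "SSLCACertificateFile"}

# Constructed sample, modelled on the Connector quoted in the thread.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="HTTP/1.1" maxThreads="200"
             sslProtocol="TLSv1" sslEnabledProtocols="TLSv1.2"
             clientAuth="false" scheme="https" secure="true" SSLEnabled="true"
             SSLCertificateFile="/home/mudassir/cert.pem"
             SSLCertificateKeyFile="/home/mudassir/cert-key.pem"
             SSLCACertificateFile="/home/mudassir/CA.pem" />
  <Connector port="8080" protocol="HTTP/1.1" />
</Service></Server>"""


def lint_connectors(server_xml):
    """Return (port, finding) tuples for TLS-enabled connectors."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector, nothing to check
        port = conn.get("port", "?")
        names = set(conn.attrib)  # XML attribute names are case-sensitive
        apr, jsse = names & APR_STYLE, names & JSSE_ONLY
        if apr and jsse:
            for name in sorted(jsse):
                findings.append((port, "%s is a BIO/NIO (JSSE) attribute; "
                                 "the APR connector does not apply it" % name))
        if apr and "SSLProtocol" not in names:
            findings.append((port, "SSLProtocol not set; protocol versions "
                             "are left to the connector default"))
        if apr and "SSLCipherSuite" not in names:
            findings.append((port, "SSLCipherSuite not set; cipher list "
                             "is left to the connector default"))
    return findings


if __name__ == "__main__":
    for port, msg in lint_connectors(SAMPLE):
        print("port %s: %s" % (port, msg))
```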