Thanks for keep replying, is there any way to restrict the cipher suite in the connector configuration?
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5 On Fri, Jan 3, 2014 at 5:35 AM, Mudassir Aftab <withmudas...@gmail.com>wrote: > I have just configured latest version , following is the log > > Jan 03, 2014 12:33:58 AM org.apache.catalina.core.AprLifecycleListener init > INFO: Loaded APR based Apache Tomcat Native library 1.1.29 using APR > version 1.5.0. > Jan 03, 2014 12:33:58 AM org.apache.catalina.core.AprLifecycleListener init > > INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters > [false], random [true]. > Jan 03, 2014 12:33:59 AM org.apache.catalina.core.AprLifecycleListener > initializeSSL > INFO: OpenSSL successfully initialized (OpenSSL 1.0.1 14 Mar 2012) > Jan 03, 2014 12:34:00 AM org.apache.coyote.AbstractProtocol init > INFO: Initializing ProtocolHandler ["http-apr-8443"] > Jan 03, 2014 12:34:00 AM org.apache.coyote.AbstractProtocol init > INFO: Initializing ProtocolHandler ["http-apr-8080"] > Jan 03, 2014 12:34:00 AM org.apache.coyote.AbstractProtocol init > INFO: Initializing ProtocolHandler ["ajp-apr-8009"] > Jan 03, 2014 12:34:00 AM org.apache.catalina.startup.Catalina load > INFO: Initialization processed in 3145 ms > Jan 03, 2014 12:34:00 AM org.apache.catalina.core.StandardService > startInternal > INFO: Starting service Catalina > Jan 03, 2014 12:34:00 AM org.apache.catalina.core.StandardEngine > startInternal > INFO: Starting Servlet Engine: Apache Tomcat/7.0.47 > Jan 03, 2014 12:34:00 AM org.apache.catalina.startup.HostConfig > deployDirectory > INFO: Deploying web application directory /opt/tomcat7/webapps/host-manager > Jan 03, 2014 12:34:05 AM org.apache.catalina.startup.HostConfig > deployDirectory > INFO: Deploying web application directory /opt/tomcat7/webapps/docs > Jan 03, 2014 12:34:05 AM org.apache.catalina.startup.HostConfig > deployDirectory > INFO: Deploying web application directory /opt/tomcat7/webapps/manager > Jan 03, 2014 12:34:05 AM org.apache.catalina.startup.HostConfig > deployDirectory > INFO: Deploying web application directory /opt/tomcat7/webapps/ROOT > Jan 03, 2014 12:34:05 AM org.apache.catalina.startup.HostConfig > deployDirectory > INFO: Deploying web application directory /opt/tomcat7/webapps/examples > Jan 03, 2014 12:34:07 AM org.apache.coyote.AbstractProtocol start > INFO: Starting ProtocolHandler ["http-apr-8443"] > Jan 03, 2014 12:34:07 AM org.apache.coyote.AbstractProtocol start > INFO: Starting ProtocolHandler ["http-apr-8080"] > Jan 03, 2014 12:34:07 AM org.apache.coyote.AbstractProtocol start > INFO: Starting ProtocolHandler ["ajp-apr-8009"] > Jan 03, 2014 12:34:07 AM org.apache.catalina.startup.Catalina start > INFO: Server startup in 7422 ms > > > > On Fri, Jan 3, 2014 at 5:31 AM, Christopher Schultz < > ch...@christopherschultz.net> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA256 >> >> Mudassir, >> >> On 1/2/14, 7:21 PM, Mudassir Aftab wrote: >> > <Connector port="8443" protocol="HTTP/1.1" maxThreads="200" >> > sslProtocol="TLSv1" sslEnabledProtocols="TLSv1.2" >> >> Setting sslProtocol and sslEnabledProtocols will not affect an >> OpenSSL-based connector (which you have configured). As Chuck >> previously stated, you need to use different configuration attributes >> when using OpenSSL. Please read the documentation for the APR >> connector and those configuration attributes that affect the SSL engine. >> >> You might want to tell us how you are trying to connect, too. Also, >> run "openssl ciphers" on your system to see what ciphers are supported >> by your OpenSSL, and compare those to the list supported by your >> client. Perhaps you have a legitimate mismatch and TLS 1.2 itself >> isn't the problem. >> >> - -chris >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1 >> Comment: GPGTools - http://gpgtools.org >> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ >> >> iQIcBAEBCAAGBQJSxgTjAAoJEBzwKT+lPKRYcYcQAK9VZ5EncegU2zmkArxtf7dO >> NvIdSzKW9oyjDngFRc/pSga79Crj1SbnhY/SrwZLCv81MWuSjjgFpIBi/RlFMjpG >> ScFBU4NNT5HxGl0+0Eec9qcw93ObTKGPf8SkDjAfvpI2uzNH8DK/lHdqbqAksVGO >> dZGdYPAHMx4ssTc6ADKtwaXmbdJW2yo0VNp1t5bsUEJE2BYPnV8kh0djj2fME0zo >> B951A6YKyeL37c+zcAHEdbqKS1tmpk7bwuyhsXnmPCdrh6pRcqBuEGWKywCvDPw6 >> dopMmAd7ngGcEM4v24L5Fsv7nm2KeZL+BY+pyehxJCnP4EEobw0KtGEvzsMQn+hP >> tPQ2mpxEaKIgPxe09soHCYxTM5HqtXdK25pNZBpOcTBWCJH1tz+sA5z6h7ruJNI6 >> fVszEZEtCevkvwkP9GYWZ3mhdvHXE1rGtpc4u2/vCJCr0Hbszv0YS6LgQVWAxrQY >> b0qJLeYX+MAUGdC0Y3jLT/qes1XeK4wlugfFTP3Q2l6sKo2g7sWt8b2QDc9bKjHV >> kAmG1OPEzMe9d3IU6+2IPg0R3Ztdv9u2jUXZMzbmhfrs1B4c0tvRt769GKlxgRpS >> FulJgmIamfnHuRIVGUJUc30tr7e3Ozg0TduAuxnXEseb5gPR34k5O2hZO4bvqZpT >> HzFL8i8XSzQPIOQTM47s >> =xCfN >> -----END PGP SIGNATURE----- >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> >