Also, the following setting is working for TLS v1 but not with TLS v1.2, so it's a bug!!!

<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           maxThreads="200"
           clientAuth="false"
           scheme="https" secure="true" SSLEnabled="true"
           SSLCertificateFile="/home/mudassir/certs/ca.pem"
           SSLCertificateKeyFile="/home/mudassir/certs/k.key" />

On Fri, Jan 3, 2014 at 6:56 PM, Mudassir Aftab <withmudas...@gmail.com> wrote:

> Hi,
>
> That was just a typo, but on the system it is fine, and I keep checking
> the logs; there is no warning in them.
>
> Also, what about the following post?
>
> I also took an interest in digging into this issue.
>
> The document which you were referring to,
> http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native,
> clearly states that only SSLv2, SSLv3, TLSv1 are supported by the
> SSLProtocol attribute.
>
> SSLCipherSuite will only support ciphers available in SSLv2, SSLv3,
> TLSv1.
>
> TLSv1.1 and TLSv1.2 supported ciphers can't be invoked until TLSv1.1 and
> TLSv1.2 are enabled. See the supported cipher list for TLSv1.2 on the
> OpenSSL link: http://www.openssl.org/docs/apps/ciphers.html#TLS_v1_2_cipher_suites
>
> I would be happy to see if someone enabled the ciphers below without
> enabling TLSv1.2:
>
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256   ECDH-ECDSA-AES128-SHA256
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384   ECDH-ECDSA-AES256-SHA384
> TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256   ECDH-ECDSA-AES128-GCM-SHA256
> TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384   ECDH-ECDSA-AES256-GCM-SHA384
>
> On Fri, Jan 3, 2014 at 6:00 PM, David kerber <dcker...@verizon.net> wrote:
>
>> On 1/3/2014 3:28 AM, Mudassir Aftab wrote:
>>
>>> Hi,
>>>
>>> Sorry for asking you the same thing again and again. I have tried many
>>> things from the above document, but nothing works for me, and there are
>>> no errors in the log.
>>>
>>> <Connector port="8443"
>>>            protocol="org.apache.coyote.http11.Http11AprProtocol"
>>>            maxThreads="200"
>>>            clientAuth="false"
>>>            ciphers="ECDH-ECDSA-AES128-GCM-SHA256"
>>>            scheme="https" secure="true" SSLEnabled="true"
>>>            SSLCertificateFile="/home/mudassir/pay/p.pem"
>>>            SSLCertificateKeyFile="/home/mudassir/p-key.pem"
>>>            SSLCACertificateFile="/home/mudassir/AdminCA1.pem" />
>>>
>>> SSCipherSuit="ECDH-ECDSA-AES128-GCM-SHA256"
>>>
>>> I really appreciate your help
>>>
>> If what you list here is what is really in your config file, you're not
>> proofreading your configuration entries very well. You have SSLCipherSuite
>> misspelled (two missing letters), and it's not inside the connector
>> configuration entry.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
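
Added example, not part of the thread and not Tomcat's own code: a small Python lint for the two problems David Kerber points out (a misspelled attribute, placed outside the element), plus the `ciphers` attribute, which in Tomcat 7 belongs to the JSSE (BIO/NIO) connectors rather than APR. The attribute sets are abbreviated from the Tomcat 7 connector documentation, the function names are hypothetical, and the sample connector is constructed from the one posted, with placeholder paths.

```python
import difflib
import re
import xml.etree.ElementTree as ET

# Abbreviated from the Tomcat 7 HTTP connector docs (assumption: not exhaustive).
APR_SSL = {"SSLProtocol", "SSLCipherSuite", "SSLCertificateFile",
           "SSLCertificateKeyFile", "SSLCertificateChainFile",
           "SSLCACertificateFile", "SSLCACertificatePath", "SSLPassword",
           "SSLVerifyClient", "SSLVerifyDepth", "SSLHonorCipherOrder"}
JSSE_ONLY = {"ciphers", "sslProtocol", "sslEnabledProtocols",
             "keystoreFile", "keystorePass"}
STRAY_ATTR = re.compile(r'(\w+)\s*=\s*"[^"]*"')

def near_miss(name):
    """Return the APR attribute that `name` probably misspells, or None."""
    hit = difflib.get_close_matches(name, APR_SSL, n=1, cutoff=0.8)
    return hit[0] if hit and hit[0] != name else None

def lint_connectors(fragment):
    """Return (attribute, problem) pairs for APR connectors in a server.xml fragment."""
    findings = []
    root = ET.fromstring("<Service>" + fragment + "</Service>")
    for conn in root.iter("Connector"):
        if "Apr" not in conn.get("protocol", ""):
            continue
        for name in conn.attrib:
            if name in JSSE_ONLY:
                findings.append((name, "JSSE attribute on an APR connector"))
            elif name not in APR_SSL and near_miss(name):
                findings.append((name, "misspelling of " + near_miss(name)))
        # Text after the closing "/>" is character data, not configuration.
        for name in STRAY_ATTR.findall(conn.tail or ""):
            findings.append((name, "outside the <Connector> element"))
    return findings

# Constructed sample: the connector as posted in the thread, placeholder paths.
SAMPLE = '''
<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
           maxThreads="200" clientAuth="false"
           ciphers="ECDH-ECDSA-AES128-GCM-SHA256"
           scheme="https" secure="true" SSLEnabled="true"
           SSLCertificateFile="/path/to/cert.pem"
           SSLCertificateKeyFile="/path/to/key.pem" />
SSCipherSuit="ECDH-ECDSA-AES128-GCM-SHA256"
'''

if __name__ == "__main__":
    for attr, problem in lint_connectors(SAMPLE):
        print(attr + ": " + problem)
```

Tomcat logs nothing for character data that follows the element, which matches the "no errors in the log" observation in the thread.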