Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

Fri, 03 Jan 2014 12:47:45 -0800 

Hi ,

I have compiled tomcat-native-1.1.29-src.tar.gz with 1.0.1e-3ubuntu1 and
test it with fresh apache-tomcat-7.0.47.tar.gz. and with following
connector settings

<Connector port="8443"
protocol="org.apache.coyote.http11.Http11AprProtocol"
           maxThreads="200"
           clientAuth="false"
           SSLCipherSuite="ECDHE-ECDSA-AES128-SHA256"
           scheme="https" secure="true" SSLEnabled="true"
           SSLCertificateFile="/home/mudassir/p.pem"
           SSLCertificateKeyFile="/home/mudassir/p-key.pem"
           SSLCACertificateFile="/home/mudassir/p/AdminCA1.pem" />

Tomcat Logs:
Jan 03, 2014 8:25:32 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.29 using APR
version 1.5.0.
Jan 03, 2014 8:25:32 PM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
[false], random [true].
Jan 03, 2014 8:25:32 PM org.apache.catalina.core.AprLifecycleListener
initializeSSL
INFO: OpenSSL successfully initialized (OpenSSL 1.0.1e 11 Feb 2013)
Jan 03, 2014 8:25:33 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-apr-8443"]
Jan 03, 2014 8:25:33 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-apr-8080"]
Jan 03, 2014 8:25:33 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-apr-8009"]
Jan 03, 2014 8:25:33 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 3189 ms
Jan 03, 2014 8:25:33 PM org.apache.catalina.core.StandardService
startInternal
INFO: Starting service Catalina
Jan 03, 2014 8:25:33 PM org.apache.catalina.core.StandardEngine
startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.47
Jan 03, 2014 8:25:33 PM org.apache.catalina.startup.HostConfig
deployDirectory
INFO: Deploying web application directory /opt/tomcat7/webapps/host-manager
Jan 03, 2014 8:25:55 PM org.apache.catalina.util.SessionIdGenerator
createSecureRandom
INFO: Creation of SecureRandom instance for session ID generation using
[SHA1PRNG] took [19,247] milliseconds.
Jan 03, 2014 8:25:55 PM org.apache.catalina.startup.HostConfig
deployDirectory
INFO: Deploying web application directory /opt/tomcat7/webapps/docs
Jan 03, 2014 8:25:55 PM org.apache.catalina.startup.HostConfig
deployDirectory
INFO: Deploying web application directory /opt/tomcat7/webapps/manager
Jan 03, 2014 8:25:55 PM org.apache.catalina.startup.HostConfig
deployDirectory
INFO: Deploying web application directory /opt/tomcat7/webapps/ROOT
Jan 03, 2014 8:25:56 PM org.apache.catalina.startup.HostConfig
deployDirectory
INFO: Deploying web application directory /opt/tomcat7/webapps/examples
Jan 03, 2014 8:25:57 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-apr-8443"]
Jan 03, 2014 8:25:57 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-apr-8080"]
Jan 03, 2014 8:25:58 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-apr-8009"]

Also attached TCP dump logs , I am again getting following error on FF26
with TLS 1.2 support
Cannot communicate securely with peer: no common encryption algorithm(s).
(Error code: ssl_error_no_cypher_overlap)

20:36:23.496965 IP 10.10.0.147.18938 > example.com.8443: Flags [S], seq 
435979095, win 8192, options [mss 1366,nop,wscale 2,nop,nop,sackOK], length 0
20:36:23.497066 IP example.com.8443 > 10.10.0.147.18938: Flags [S.], seq 
1576579154, ack 435979096, win 29200, options [mss 
1460,nop,nop,sackOK,nop,wscale 7], length 0
20:36:23.739969 IP 10.10.0.147.18938 > example.com.8443: Flags [.], ack 1, win 
4098, length 0
20:36:24.023396 IP 10.10.0.147.18938 > example.com.8443: Flags [P.], seq 1:202, 
ack 1, win 4098, length 201
20:36:24.023471 IP example.com.8443 > 10.10.0.147.18938: Flags [.], ack 202, 
win 237, length 0
20:36:24.023964 IP example.com.8443 > 10.10.0.147.18938: Flags [P.], seq 1:8, 
ack 202, win 237, length 7
20:36:24.024187 IP example.com.8443 > 10.10.0.147.18938: Flags [F.], seq 8, ack 
202, win 237, length 0
20:36:24.713659 IP 10.10.0.147.18938 > example.com.8443: Flags [F.], seq 202, 
ack 8, win 4096, length 0
20:36:24.713726 IP example.com.8443 > 10.10.0.147.18938: Flags [.], ack 203, 
win 237, length 0
20:36:24.956342 IP 10.10.0.147.18939 > example.com.8443: Flags [S], seq 
3315815756, win 8192, options [mss 1366,nop,wscale 2,nop,nop,sackOK], length 0
20:36:24.956402 IP example.com.8443 > 10.10.0.147.18939: Flags [S.], seq 
3575233717, ack 3315815757, win 29200, options [mss 
1460,nop,nop,sackOK,nop,wscale 7], length 0
20:36:24.956415 IP 10.10.0.147.18938 > example.com.8443: Flags [.], ack 9, win 
4096, length 0
20:36:25.225229 IP 10.10.0.147.18940 > example.com.8443: Flags [S], seq 
821209259, win 8192, options [mss 1366,nop,wscale 2,nop,nop,sackOK], length 0
20:36:25.225278 IP example.com.8443 > 10.10.0.147.18940: Flags [S.], seq 
2980117984, ack 821209260, win 29200, options [mss 
1460,nop,nop,sackOK,nop,wscale 7], length 0
20:36:25.468393 IP 10.10.0.147.18939 > example.com.8443: Flags [.], ack 1, win 
4098, length 0
20:36:25.468436 IP 10.10.0.147.18939 > example.com.8443: Flags [P.], seq 1:180, 
ack 1, win 4098, length 179
20:36:25.468481 IP example.com.8443 > 10.10.0.147.18939: Flags [.], ack 180, 
win 237, length 0
20:36:25.469227 IP example.com.8443 > 10.10.0.147.18939: Flags [P.], seq 1:8, 
ack 180, win 237, length 
20:36:25.469424 IP example.com.8443 > 10.10.0.147.18939: Flags [F.], seq 8, ack 
180, win 237, length 0
20:36:25.750601 IP 10.10.0.147.18940 > example.com.8443: Flags [.], ack 1, win 
4098, length 0
20:36:25.750631 IP 10.10.0.147.18940 > example.com.8443: Flags [P.], seq 1:180, 
ack 1, win 4098, length 179
20:36:25.750671 IP example.com.8443 > 10.10.0.147.18940: Flags [.], ack 180, 
win 237, length 0
20:36:25.751203 IP example.com.8443 > 10.10.0.147.18940: Flags [P.], seq 1:8, 
ack 180, win 237, length 7
20:36:25.751353 IP example.com.8443 > 10.10.0.147.18940: Flags [F.], seq 8, ack 
180, win 237, length 0
20:36:26.001464 IP 10.10.0.147.18939 > example.com.8443: Flags [F.], seq 180, 
ack 8, win 4096, length 0
20:36:26.001570 IP example.com.8443 > 10.10.0.147.18939: Flags [.], ack 181, 
win 237, length 0
20:36:26.001584 IP 10.10.0.147.18942 > example.com.8443: Flags [S], seq 
432508422, win 8192, options [mss 1366,nop,wscale 2,nop,nop,sackOK], length 0
20:36:26.001642 IP example.com.8443 > 10.10.0.147.18942: Flags [S.], seq 
2594784904, ack 432508423, win 29200, options [mss 
1460,nop,nop,sackOK,nop,wscale 7], length 0
20:36:26.001654 IP 10.10.0.147.18939 > example.com.8443: Flags [.], ack 9, win 
4096, length 0
20:36:26.264731 IP 10.10.0.147.18943 > example.com.8443: Flags [S], seq 
1225729238, win 8192, options [mss 1366,nop,wscale 2,nop,nop,sackOK], length 0
20:36:26.264795 IP example.com.8443 > 10.10.0.147.18943: Flags [S.], seq 
412449617, ack 1225729239, win 29200, options [mss 
1460,nop,nop,sackOK,nop,wscale 7], length 0
20:36:26.507048 IP 10.10.0.147.18940 > example.com.8443: Flags [.], ack 9, win 
4096, length 0
20:36:26.507134 IP 10.10.0.147.18940 > example.com.8443: Flags [F.], seq 180, 
ack 9, win 4096, length 0
20:36:26.507174 IP example.com.8443 > 10.10.0.147.18940: Flags [.], ack 181, 
win 237, length 0
20:36:26.507191 IP 10.10.0.147.18942 > example.com.8443: Flags [.], ack 1, win 
4098, length 0
20:36:26.507206 IP 10.10.0.147.18942 > example.com.8443: Flags [P.], seq 1:180, 
ack 1, win 4098, length 179
20:36:26.507250 IP example.com.8443 > 10.10.0.147.18942: Flags [.], ack 180, 
win 237, length 0
20:36:26.507851 IP example.com.8443 > 10.10.0.147.18942: Flags [P.], seq 1:8, 
ack 180, win 237, length 7
20:36:26.508043 IP example.com.8443 > 10.10.0.147.18942: Flags [F.], seq 8, ack 
180, win 237, length 0
20:36:26.757066 IP 10.10.0.147.18943 > example.com.8443: Flags [.], ack 1, win 
4098, length 0
20:36:26.757087 IP 10.10.0.147.18943 > example.com.8443: Flags [P.], seq 1:180, 
ack 1, win 4098, length 179
20:36:26.757113 IP example.com.8443 > 10.10.0.147.18943: Flags [.], ack 180, 
win 237, length 0
20:36:26.757432 IP example.com.8443 > 10.10.0.147.18943: Flags [P.], seq 1:8, 
ack 180, win 237, length 7
20:36:26.757579 IP example.com.8443 > 10.10.0.147.18943: Flags [F.], seq 8, ack 
180, win 237, length 0
20:36:27.037974 IP 10.10.0.147.18942 > example.com.8443: Flags [.], ack 9, win 
4096, length 0
20:36:27.038053 IP 10.10.0.147.18942 > example.com.8443: Flags [F.], seq 180, 
ack 9, win 4096, length 0
20:36:27.038091 IP example.com.8443 > 10.10.0.147.18942: Flags [.], ack 181, 
win 237, length 0
20:36:27.038206 IP 10.10.0.147.18944 > example.com.8443: Flags [S], seq 
4033355514, win 8192, options [mss 1366,nop,wscale 2,nop,nop,sackOK], length 0
20:36:27.038262 IP example.com.8443 > 10.10.0.147.18944: Flags [S.], seq 
2371580431, ack 4033355515, win 29200, options [mss 
1460,nop,nop,sackOK,nop,wscale 7], length 0
20:36:27.314728 IP 10.10.0.147.18946 > example.com.8443: Flags [S], seq 
4281262802, win 8192, options [mss 1366,nop,wscale 2,nop,nop,sackOK], length 0
20:36:27.314764 IP example.com.8443 > 10.10.0.147.18946: Flags [S.], seq 
2730993849, ack 4281262803, win 29200, options [mss 
1460,nop,nop,sackOK,nop,wscale 7], length 0
20:36:27.321159 IP 10.10.0.147.18943 > example.com.8443: Flags [.], ack 9, win 
4096, length 0
20:36:27.321192 IP 10.10.0.147.18943 > example.com.8443: Flags [F.], seq 180, 
ack 9, win 4096, length 0
20:36:27.321211 IP example.com.8443 > 10.10.0.147.18943: Flags [.], ack 181, 
win 237, length 0
20:36:27.565946 IP 10.10.0.147.18944 > example.com.8443: Flags [.], ack 1, win 
4098, length 0
20:36:27.565975 IP 10.10.0.147.18944 > example.com.8443: Flags [P.], seq 1:89, 
ack 1, win 4098, length 88
20:36:27.566008 IP example.com.8443 > 10.10.0.147.18944: Flags [.], ack 89, win 
229, length 0
20:36:27.566459 IP example.com.8443 > 10.10.0.147.18944: Flags [P.], seq 1:8, 
ack 89, win 229, length 7
20:36:27.566641 IP example.com.8443 > 10.10.0.147.18944: Flags [F.], seq 8, ack 
89, win 229, length 0
20:36:27.866665 IP 10.10.0.147.18946 > example.com.8443: Flags [.], ack 1, win 
4098, length 0
20:36:27.866777 IP 10.10.0.147.18946 > example.com.8443: Flags [P.], seq 1:89, 
ack 1, win 4098, length 88
20:36:27.866819 IP example.com.8443 > 10.10.0.147.18946: Flags [.], ack 89, win 
229, length 0
20:36:27.867271 IP example.com.8443 > 10.10.0.147.18946: Flags [P.], seq 1:8, 
ack 89, win 229, length 7
20:36:27.867426 IP example.com.8443 > 10.10.0.147.18946: Flags [F.], seq 8, ack 
89, win 229, length 0
20:36:28.356764 IP 10.10.0.147.18944 > example.com.8443: Flags [.], ack 9, win 
4096, length 0
20:36:28.356852 IP 10.10.0.147.18944 > example.com.8443: Flags [F.], seq 89, 
ack 9, win 4096, length 0
20:36:28.356891 IP example.com.8443 > 10.10.0.147.18944: Flags [.], ack 90, win 
229, length 0
20:36:28.666615 IP 10.10.0.147.18946 > example.com.8443: Flags [P.], seq 1:89, 
ack 1, win 4098, length 88
20:36:28.666661 IP example.com.8443 > 10.10.0.147.18946: Flags [.], ack 89, win 
229, options [nop,nop,sack 1 {1:89}], length 0
20:36:28.666675 IP 10.10.0.147.18946 > example.com.8443: Flags [.], ack 9, win 
4096, length 0
20:36:28.666702 IP 10.10.0.147.18946 > example.com.8443: Flags [F.], seq 89, 
ack 9, win 4096, length 0
20:36:28.666729 IP example.com.8443 > 10.10.0.147.18946: Flags [.], ack 90, win 
229, length 0200 packets captured

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to