-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Rajesh,
On 2/19/15 1:41 AM, Rajesh Biswas wrote: > We are facing intermittent ssl handshake failure exception in the > client code while connecting the server which runs on Tomcat 7.0.54 > version. > > Below is the ssl configuration in server.xml file > > <Connector port="8443" > protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" > SSLEnabled="true" scheme="https" secure="true" > > keystoreFile="/scratch/rajebisw/Certificate/ssl/ibm.ssl.keystore" > keystorePass="XXX" clientAuth="false" sslProtocol="TLS" /> > > OS: Solaris Tomcat Version: apache-tomcat-7.0.54 > > Would you please suggest if I miss anything What version of Java? What client is getting there errors, and what are the error messages you are getting? Can you connect with "openssl s_client"? I'm suspecting that the client is trying to connect with SSLv3 protocol which recent versions of Java completely disable by default, regardless of your Tomcat configuration. See http://markmail.org/thread/ip4j45tioft4bntd for more information on re-enabling SSLv3. But before you do all that, make sure that SSLv3 is actually the problem, first. Here's how to try: $ openssl s_client -connect host:port (This should be successful) Then, try this: $ openssl s_client -ssl3 -connect host:port (If this fails, the handshake failures may be due to the client only supporting SSLv3) - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJU5fEeAAoJEBzwKT+lPKRY3VEQAMD3W0KX3PYAwbEefaI2zaWF PCzAv/OzQH4yA0z7AJozZcVsHA7y4lgUygTnYLY2wm5dO3b33FN97plOvTOsjl/W qXZUojNJ1fw79LSXVvTlDRKYU+R59PNWnRE6Hnu6RhK0WrGxNyvYeiatbKWpu6DT mLZkupJpb/crAdrqxOPm8LUZLza0ea9JlvD9dqObGAsEx2NdRpw6ME3PBUAa4IJW fzzzUZAmUkiJBBIkOlgy/JP+wtOvz7Rwp2VN7zS7kJbAtWf7Jv7XsjW+kBECNoLP a4n1ElR/qdfwwIeRvivoodrO6oY/+S0/mwdK91yGsQpb1Bk3iMX1O753TA84Nnu1 4dnvBu2VCcv+BtaBKaCHiA7NVAXW4tbKcMiF7ttCGCeoUFy/Ej4mDjqSWSreyFe5 BQ2lwFNh61Uu/ftD3vNhvFubiKZNziXWMmCWz74EAC/n/8dtDIUe/a0KrNlk6hnr seHzZpZ9hIAmQQvuzM7uML/8dG+VIWlffxDW4lGWz9J/eJsF3g11a6f+DVy2122d fG6SMGY1Uwr8TX5Pub8FPMWXXAXx//RxqYNebhPOw7nkTjfIc+Q7mwi7hTUDAvPF JX7tdFeJUU8lAPoOhrix2j8YL7GH0FYQuj6b9q17E02UPeX1p8BVP0AzfOZaNQb0 4dhjg0c83mavN0FoNJoR =kRBZ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
