I am using java version JDK 1.7.0_51. I have java client running in Linux X64 platform.
Both the commands which you provided are working perfectly for me. As I mention in my previous mail, the problem is intermittent. Rajesh On Thu, Feb 19, 2015 at 7:50 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Rajesh, > > On 2/19/15 1:41 AM, Rajesh Biswas wrote: > > We are facing intermittent ssl handshake failure exception in the > > client code while connecting the server which runs on Tomcat 7.0.54 > > version. > > > > Below is the ssl configuration in server.xml file > > > > <Connector port="8443" > > protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" > > SSLEnabled="true" scheme="https" secure="true" > > > > keystoreFile="/scratch/rajebisw/Certificate/ssl/ibm.ssl.keystore" > > keystorePass="XXX" clientAuth="false" sslProtocol="TLS" /> > > > > OS: Solaris Tomcat Version: apache-tomcat-7.0.54 > > > > Would you please suggest if I miss anything > > What version of Java? What client is getting there errors, and what > are the error messages you are getting? > > Can you connect with "openssl s_client"? > > I'm suspecting that the client is trying to connect with SSLv3 > protocol which recent versions of Java completely disable by default, > regardless of your Tomcat configuration. > > See http://markmail.org/thread/ip4j45tioft4bntd for more information > on re-enabling SSLv3. But before you do all that, make sure that SSLv3 > is actually the problem, first. > > Here's how to try: > > $ openssl s_client -connect host:port > (This should be successful) > > Then, try this: > $ openssl s_client -ssl3 -connect host:port > (If this fails, the handshake failures may be due to the client only > supporting SSLv3) > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > Comment: GPGTools - http://gpgtools.org > > iQIcBAEBCAAGBQJU5fEeAAoJEBzwKT+lPKRY3VEQAMD3W0KX3PYAwbEefaI2zaWF > PCzAv/OzQH4yA0z7AJozZcVsHA7y4lgUygTnYLY2wm5dO3b33FN97plOvTOsjl/W > qXZUojNJ1fw79LSXVvTlDRKYU+R59PNWnRE6Hnu6RhK0WrGxNyvYeiatbKWpu6DT > mLZkupJpb/crAdrqxOPm8LUZLza0ea9JlvD9dqObGAsEx2NdRpw6ME3PBUAa4IJW > fzzzUZAmUkiJBBIkOlgy/JP+wtOvz7Rwp2VN7zS7kJbAtWf7Jv7XsjW+kBECNoLP > a4n1ElR/qdfwwIeRvivoodrO6oY/+S0/mwdK91yGsQpb1Bk3iMX1O753TA84Nnu1 > 4dnvBu2VCcv+BtaBKaCHiA7NVAXW4tbKcMiF7ttCGCeoUFy/Ej4mDjqSWSreyFe5 > BQ2lwFNh61Uu/ftD3vNhvFubiKZNziXWMmCWz74EAC/n/8dtDIUe/a0KrNlk6hnr > seHzZpZ9hIAmQQvuzM7uML/8dG+VIWlffxDW4lGWz9J/eJsF3g11a6f+DVy2122d > fG6SMGY1Uwr8TX5Pub8FPMWXXAXx//RxqYNebhPOw7nkTjfIc+Q7mwi7hTUDAvPF > JX7tdFeJUU8lAPoOhrix2j8YL7GH0FYQuj6b9q17E02UPeX1p8BVP0AzfOZaNQb0 > 4dhjg0c83mavN0FoNJoR > =kRBZ > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
