-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Rajesh,
On 2/19/15 12:33 PM, Rajesh Biswas wrote: > I am using java version JDK 1.7.0_51. I have java client running in > Linux X64 platform. > > Both the commands which you provided are working perfectly for me. > > As I mention in my previous mail, the problem is intermittent. Well, next time it happens, please provide the error message you get. SSLv3 is probably not the problem; Java 1.7.0_51 still had it enabled. - -chris > On Thu, Feb 19, 2015 at 7:50 PM, Christopher Schultz < > ch...@christopherschultz.net> wrote: > > Rajesh, > > On 2/19/15 1:41 AM, Rajesh Biswas wrote: >>>> We are facing intermittent ssl handshake failure exception in >>>> the client code while connecting the server which runs on >>>> Tomcat 7.0.54 version. >>>> >>>> Below is the ssl configuration in server.xml file >>>> >>>> <Connector port="8443" >>>> protocol="org.apache.coyote.http11.Http11Protocol" >>>> maxThreads="150" SSLEnabled="true" scheme="https" >>>> secure="true" >>>> >>>> keystoreFile="/scratch/rajebisw/Certificate/ssl/ibm.ssl.keystore" >>>> >>>> keystorePass="XXX" clientAuth="false" sslProtocol="TLS" /> >>>> >>>> OS: Solaris Tomcat Version: apache-tomcat-7.0.54 >>>> >>>> Would you please suggest if I miss anything > > What version of Java? What client is getting there errors, and > what are the error messages you are getting? > > Can you connect with "openssl s_client"? > > I'm suspecting that the client is trying to connect with SSLv3 > protocol which recent versions of Java completely disable by > default, regardless of your Tomcat configuration. > > See http://markmail.org/thread/ip4j45tioft4bntd for more > information on re-enabling SSLv3. But before you do all that, make > sure that SSLv3 is actually the problem, first. > > Here's how to try: > > $ openssl s_client -connect host:port (This should be successful) > > Then, try this: $ openssl s_client -ssl3 -connect host:port (If > this fails, the handshake failures may be due to the client only > supporting SSLv3) > > -chris >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJU5iG8AAoJEBzwKT+lPKRYoEQP/1Uch+VGs6jSoT99mnoLTIkj /SouQsx6aQxzWpR90krD+XHWpwBDlajvJO6InuRwF99rbWuSPbA5zwELxXeNiojX yCnsVB9bXCO1TKHzfn0dAoeTG0DFZAXDGYwOfHXXv0kNELNvx81kkvUaoNsHq5IK MCeZavkI555EARbbc3oYGZR6za5VByxz43xu3sjBn2HiL8ZECCfQu/wh1xlXeRci rFyuVQ5t+3yOc8FzNrhRMCdlPDVJ9tngK3R48Bfa1oJb90ZiH6ecyZ+NDOKy+cmd 2nnuKNgkYtPkg9b3WgpgHMYRj3Vvtl09yeC0NdB+PiapypECivEtq0yBJ4s2mc/z r+5tn+MYBiUKr2uyIpYqXQ/RzQOgqKnMD2+cJeKYh7xwsQ/GNAX5mlMdRQwf4s8W /7FZIf163tmcQ1cMhZWCEgI/Hf1M8soyJ29W9FlFlVNe9FcOZC034nayV7wh/s/v zT5IoN6Ew2Q0l58r5BmXgP2AerMUCLvPILm2tpBkJkesCMCO+ssLCHuHXE9aGY1G Trkj77kRRj49/Gcrj4yn50qFw4D9h8urz+7X6iKJTduNzgvYZVjK6W6SUFXtDvAg TJ32HSCRbEcu6ChCHQfx0eDwe5wlI51BNuzObR9mCitqYA67VEHj/LY2ix04Sb7q L5BLV0htpgLtVFU7k2w0 =Ldfb -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
