> -----Original Message-----
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Wednesday, September 21, 2016 9:40 AM
> To: Tomcat Users List
> Subject: Re: TLS 1.2 Handshake on Tomcat 7.0.39 Getting Internal Error: Key
> format must be RAW 


> This may be the most promising page on the Internet, but of course Red Hat
> wants you to pay to read it:
> https://access.redhat.com/solutions/1309153
> I can't see the "verified solution", or I'd reprint it here without 
> permission :)

The resolution says to either disable TLS 1.2 or FIPS mode.

The root cause is the PKCS#11 implementation included in Java 7 and 8 does not 
support TLS 1.2 when in FIPS mode as documented in OpenJDK bug JDK-8029661 

See also: 


This e-mail message is being sent solely for use by the intended recipient(s) 
and may contain confidential information.  Any unauthorized review, use, 
disclosure or distribution is prohibited.  If you are not the intended 
recipient, please contact the sender by phone or reply by e-mail, delete the 
original message and destroy all copies. Thank you.

Reply via email to