On 21.09.2016 18:49, Christopher Schultz wrote:
Hash: SHA256


On 9/21/16 11:58 AM, Roskens, Ronald wrote:
-----Original Message----- From: Christopher Schultz
[mailto:ch...@christopherschultz.net] Sent: Wednesday, September
21, 2016 9:40 AM To: Tomcat Users List Subject: Re: TLS 1.2
Handshake on Tomcat 7.0.39 Getting Internal Error: Key format
must be RAW


This may be the most promising page on the Internet, but of
course Red Hat wants you to pay to read it:


I can't see the "verified solution", or I'd reprint it here
without permission :)

The resolution says to either disable TLS 1.2 or FIPS mode.

The root cause is the PKCS#11 implementation included in Java 7 and
8 does not support TLS 1.2 when in FIPS mode as documented in
OpenJDK bug JDK-8029661

See also:


for posting this.

Good old FIPS: hobbling real security since 1994.

Thanks also, but does this explain fully the symptoms seen by the OP ? As I recall, he had 3 apparently similar servers, configured similarly, but where 2 were seeing the problem and the third one not.
Or was there another difference which he did not tell us about, and where ?

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to