Thanks Chris, yes you are right they messed it up. I will also file a complaint with them.
On Sun, Oct 8, 2017 at 9:44 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Syam, > > On 10/5/17 5:10 PM, Syam Pillai wrote: > > On my AMI (Amazon Linux) server, tomcat 8 was running happily but > > today, after an upgrade (Version is now 126.96.36.199), the server is > > failing to start with the following message: > > > > INFO [main] org.apache.coyote.AbstractProtocol.init Initializing > > ProtocolHandler ["https-openssl-nio-8443"] > > /usr/share/soengine/jdk/bin/java: symbol lookup error: > > /usr/lib64/libtcnative-1.so.0.2.10: undefined symbol: > > SSL_CTX_add0_chain_cert > > > > I can see that before these lines, OpenSSL is loaded: INFO [main] > > org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL > > successfully initialized [OpenSSL 1.0.1e-fips 11 Feb 2013] > > > > However, I don't know why this version of OpenSSL is being > > shown. On the OS terminal (Kernel: 4.9.51-10.52.amzn1.x86_64 #1 > > SMP), if I check, it is showing a different version. (I could not > > find any duplicate installation of OpenSSL on the server). > > > > openssl version -v OpenSSL 1.0.2k-fips 26 Jan 2017 > > Lemmie guess... you are using Amazon Linux and you just upgraded to > release 2017.09. > > AWS appears to have done something horribly wrong with their OpenSSL > deployment for this version. I get the same weird things trying to use > stunnel, which reports conflicting libssl versions, FIPS-init errors > ("bad signature") and other odd things. > > My recommendation is to file a support ticket (like I did) with Amazon > and force them to un-break this release. Plus, you'll help me, too. > > For my part, I've had to disable FIPS mode for stunnel (which kind of > defeats the purpose of having a FIPS build advertised) in order to get > it to work AT ALL, and I'm pretty disappointed. I truly believe that > FIPS compliance is useless at best and damaging at worst, but if the > system is advertised as FIPS-certified, it should darned-well work in > FIPS mode.</grump> > > - -chris > -----BEGIN PGP SIGNATURE----- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlnaY/wACgkQHPApP6U8 > pFidFQ//Xe+H80kSnpmkOn2Yh/CpSh8xA/iMGbH9B6aytLs5V1s/1BSa1phEYl+j > 3OVzWKpjpGRtSc+6oV+WyLWvGACFTokQ/4/s+JXyDsEYJW1Ue078C9fFr+I0d4Vb > JQEqrfarO9JrZhMy5fa3UaJydzS0yzxEOjPQA8+HKunixlTVX1fyzHyhIHa3DSrW > j/G8MY4leUX/6f8dowZyIBkm9ZsFfTxKPkJtRfH4txKBbt2CLqsLQaUs8TT5DHg/ > nlFwmITYG44BgEciufn9VaVSz1+b4qT9jdtrgr8Pvmzp1Iv8RJhn5705PxqebT9m > 9jCXhKJoYDrUN2Va3fRkwp8ySeovzoz7pxH+QQ92lcNvsjAHzJ2Diz/lpUVFgYAx > MDsx3ROdbBEgrsRqFe9XEPEHfzIP1LlfwhpBeCKfuLtSB8Uw/EhN8U6MFCXijhMi > Yc19nT0br/jppe6JM96QlTLuZFMYmTVOBLv2rfxf6PXe57tTT8MbjaxhuPCvD5/W > CbMap+a1MS/zc588jvW5r/e/T1EK2Z7X9FMSM47pPj35G+bm++Uiv65JfS8Dskhf > +w1bPAkoOINJr7Q796uWF6sOjP5TYxCGApxhLeKhWH7mB/X+n8gqs8ylWC729wwG > iJssATlt7EHmqb7qxSjwHwcLue+plmB2vL3g85IjopqnmYY8NPc= > =dviH > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- *Syam S. Pillai, **Director & Chief Technology Officer* *ENGRAV Aviation Services & Systems Pvt. Ltd.* *# 15, Level 1, Indradhanush, Gubbi Cross,* *Kothannur PO, Bangalore - 560 077, India.* *Phone: +91 80 2844 3740* *http://www.engravgroup.com <https://www.engravgroup.com>*