no, I wanted to use an opensource JRE in this case.

The issue I was trying to put forward is that Tomcat 6.0.13 errors out with the following error when the FireFox3.0.1 browser tries to send a 'SSLv2 Record Layer - Client Hello' message.
--------------------------------------------------
Aug 29, 2008 2:52:52 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
SEVERE: Socket accept failed
Throwable occurred: java.net.SocketException: SSL handshake error
javax.net.ssl.SSLException: INTERNAL ERROR
      at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
      at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
      at java.lang.Thread.run(Thread.java:657)
--------------------------------------------------

But the same Tomcat 6.0.13 server is able to successfully handle the 'SSLv2 Record Layer - Client Hello' message coming from the IE6.0 browser. There doesn't seem to be any difference in message format of the 'SSLv2 Record Layer' sent by FF and IE browsers.

Any help in narrowing down the issues would be appreciated.

Thanks,
Suresh
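What the Wireshark labels quoted in this thread mean on the wire, as an added example (not code from the thread, from Tomcat or from any of the browsers discussed): a small parser that tells an SSLv2-compatible CLIENT-HELLO from an SSLv3/TLS-framed ClientHello and pulls out the version and cipher suites each one carries, which is the check to run over a capture when a server rejects one browser's hello and accepts another's. The sample hellos at the bottom are constructed here, not captured from Firefox or IE.

```python
import struct

def classify_client_hello(data):
    """Return (record_version, client_version, cipher_suite_ids); record_version (2, 0) means SSLv2 framing."""
    if len(data) < 11:
        raise ValueError("too short to be a ClientHello")
    if data[0] & 0x80:
        # SSLv2-compatible framing (RFC 5246 App. E.2): 2-byte header, high bit set, 15-bit length,
        # then the CLIENT-HELLO fields. The version inside can still be 3.1 (TLS 1.0); a parser that
        # only accepts the 0x16 record header rejects the hello before it ever reads that version.
        msg_len = ((data[0] & 0x7F) << 8) | data[1]
        msg_type, major, minor, cs_len, sid_len, ch_len = struct.unpack(">BBBHHH", data[2:11])
        if msg_type != 0x01 or cs_len % 3 or 9 + cs_len + sid_len + ch_len != msg_len or len(data) < 2 + msg_len:
            raise ValueError("not a well-formed SSLv2 CLIENT-HELLO")
        specs = data[11:11 + cs_len]  # 3 bytes each; SSLv3/TLS suites are carried as 0x00 + 2-byte id
        suites = [int.from_bytes(specs[i:i + 3], "big") for i in range(0, cs_len, 3)]
        return (2, 0), (major, minor), suites
    if data[0] == 0x16 and data[1] == 3:
        # SSLv3/TLS record: content type 0x16 (handshake), version, 2-byte length, then the ClientHello
        rec_len = struct.unpack(">H", data[3:5])[0]
        body = data[5:5 + rec_len]
        if len(body) < 4 or body[0] != 0x01:
            raise ValueError("handshake record but not ClientHello")
        hs = body[4:4 + int.from_bytes(body[1:4], "big")]
        if len(hs) < 35 or len(hs) < 37 + hs[34]:
            raise ValueError("truncated ClientHello")
        pos = 35 + hs[34]  # skip client_version(2), random(32), session_id
        cs_len = struct.unpack(">H", hs[pos:pos + 2])[0]
        pos += 2
        if cs_len % 2 or pos + cs_len > len(hs):
            raise ValueError("cipher_suites vector inconsistent")
        suites = [struct.unpack(">H", hs[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
        return (data[1], data[2]), (hs[0], hs[1]), suites
    raise ValueError("not an SSL/TLS ClientHello")

def build_v2_compat_hello(major, minor, suites, challenge=b"\x11" * 16):
    """Constructed sample: what Wireshark labels 'SSLv2 Record Layer: Client Hello'."""
    specs = b"".join(s.to_bytes(3, "big") for s in suites)
    body = struct.pack(">BBBHHH", 0x01, major, minor, len(specs), 0, len(challenge)) + specs + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body

def build_v3_hello(rec_version, client_version, suites):
    """Constructed sample: an SSLv3/TLS record carrying a ClientHello with no extensions."""
    cs = b"".join(struct.pack(">H", s) for s in suites)
    hs = bytes(client_version) + b"\x22" * 32 + b"\x00" + struct.pack(">H", len(cs)) + cs + b"\x01\x00"
    body = b"\x01" + len(hs).to_bytes(3, "big") + hs
    return bytes([0x16, *rec_version]) + struct.pack(">H", len(body)) + body

FF3_STYLE_HELLO = build_v2_compat_hello(3, 1, [0x00002F, 0x00000A])  # constructed: SSLv2 framing, TLS 1.0 inside
IE_STYLE_HELLO = build_v3_hello((3, 0), (3, 1), [0x002F, 0x000A])    # constructed: SSLv3 record, TLS 1.0 inside
```

Both constructed hellos offer the same suites and the same client version; only the outer framing differs, which is why a server with no SSLv2-compatible record parser fails one and not the other.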

[EMAIL PROTECTED] wrote:
Then it's most likely an issue with harmony JRE (I think it doesn't provide an SSLContext implementation that you are looking for i.e. SSL).

Have you tried Sun JRE??


-----Original Message-----
From: Suresh Kumar J <[EMAIL PROTECTED]>
To: Tomcat Users List <users@tomcat.apache.org>
Sent: Mon, 1 Sep 2008 11:26 am
Subject: Re: How to make to Apache-Tomcat 6.0.13 to support all of SSLv2/SSLv3 and TLS protocols

Am having the Apache Harmony JRE.

[EMAIL PROTECTED] wrote:
What JRE / JDK are you using with Tomcat 6.0.13?

-----Original Message-----
From: Suresh Kumar J <[EMAIL PROTECTED]>
To: Tomcat Users List <users@tomcat.apache.org>
Sent: Sat, 30 Aug 2008 10:16 pm
Subject: Re: How to make to Apache-Tomcat 6.0.13 to support all of SSLv2/SSLv3 and TLS protocols

I tried changing the "sslProtocol" attribute in conf/server.xml to "SSL" but Tomcat couldn't start.

Observed the following error in catalina.out:

--------------------------------------
Aug 29, 2008 3:10:18 PM org.apache.coyote.http11.Http11Protocol init
SEVERE: Error initializing endpoint
Throwable occurred: java.io.IOException: SSLContext SSL implementation not found
      at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:394)
      at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:125)
      at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:496)
      at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:177)
      at org.apache.catalina.connector.Connector.initialize(Connector.java:1059)
      at org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
      at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:792)
      at org.apache.catalina.startup.Catalina.load(Catalina.java:518)
      at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
      at java.lang.reflect.VMReflection.invokeMethod(VMReflection.java)
      at java.lang.reflect.Method.invoke(Method.java:317)
      at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
      at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
--------------------------------------

Another question is how do I make Tomcat recognize both SSLv2/SSLv3/TLS1.0 messages for secured communication, since some browsers like Firefox3.0.1 use SSLv2 for the initial SSL handshake phase. Tomcat doesn't seem to recognize SSLv2 messages and errors out with the following message:

--------------------------------------------------
Aug 29, 2008 2:52:52 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
SEVERE: Socket accept failed
Throwable occurred: java.net.SocketException: SSL handshake error
javax.net.ssl.SSLException: INTERNAL ERROR
      at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
      at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
      at java.lang.Thread.run(Thread.java:657)
--------------------------------------------------

Any inputs would be appreciated.

Thanks,
Suresh

[EMAIL PROTECTED] wrote:
I tried changing the "sslProtocol" attribute in the "Connector" element in conf/server.xml file and then Tomcat couldn't start. Observed the following error in catalina.out:

What value did you specify for sslProtocol? I tried using SSL and it worked.

-----Original Message-----
From: Suresh Kumar J <[EMAIL PROTECTED]>
To: users@tomcat.apache.org
Sent: Sat, 30 Aug 2008 4:25 am
Subject: How to make to Apache-Tomcat 6.0.13 to support all of SSLv2/SSLv3 and TLS protocols

Hi!

Am running the Apache Tomcat (v6.0.13) on Redhat Linux. Below is the snippet of the server.xml config:

----------------------------
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12"
           keystoreFile="conf/my-key-store" keystorePass="abcd"/>
----------------------------

The https connection (TLS based) works fine with IE6.0/7.x and FireFox 2.0.x. But am having issues with the FireFox 3.0.1 on Windows XP with the default settings. When I try to connect (https on 443) to Apache Tomcat (v6.0.14), I get the following error on the FireFox 3.0.1 window:

-------------------------------------------
Secure Connection Failed

An error occurred during a connection to 10.xx.xx.xx

Cannot communicate securely with peer: no common encryption algorithm(s):

(Error code: ssl_error_no_cypher_overlap)
-------------------------------------------

Have observed the following error in the Catalina.out file:

--------------------------------------------------
Aug 29, 2008 2:52:52 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
SEVERE: Socket accept failed
Throwable occurred: java.net.SocketException: SSL handshake error
javax.net.ssl.SSLException: INTERNAL ERROR
      at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
      at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
      at java.lang.Thread.run(Thread.java:657)
--------------------------------------------------

In the FireFox 3.0.1, both SSL3.0 and TLS1.0 are enabled (and SSLv2 is disabled) in the browser security settings. The web-server is correctly configured for secured http on TLS. Earlier with Firefox2.0.x, it was working fine. Also checked with the Linux version of FireFox3.0.1 and the TLS connection is working fine.

When I tried to analyse the packet capture of the browser/web-server communication via "WireShark/Ethereal" tools, I observed that FireFox3.0 on Windows uses "SSLv2 Record layer(Client Hello)" for SSL handshake negotiations. As my Tomcat webserver is configured for TLS, it doesn't seem to understand the SSLv2 record layer format and eventually errors out with "javax.net.ssl.SSLException: INTERNAL ERROR".

Since SSLv2 is generally considered to be a weaker protocol than SSLv3 and TLS, am not sure why FireFox3.0.1 on Windows uses SSLv2 Record protocol, and also SSLv2 is disabled by default. On Redhat Linux, the same FF3.0.1 (firefox-3.0.1-1.el5) uses "TLSv1 Record Layer(Client Hello)" for security negotiations. The FireFox v2.0.x on Windows uses "SSLv3 Record Layer(Client Hello)" which seems to be fine. Am able to launch the https webpages on IE6.x and IE7.x and also FireFox2.0. The only issue is on FireFox3.0 which uses "SSLv2 Record layer(Client Hello)" for SSL handshake negotiations. Tomcat works well with TLS protocol, but when the browser uses SSLv2 then it fails.

I tried changing the "sslProtocol" attribute in the "Connector" element in conf/server.xml file and then Tomcat couldn't start. Observed the following error in catalina.out:

--------------------------------------
Aug 29, 2008 3:10:18 PM org.apache.coyote.http11.Http11Protocol init
SEVERE: Error initializing endpoint
Throwable occurred: java.io.IOException: SSLContext SSL implementation not found
      at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:394)
      at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:125)
      at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:496)
      at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:177)
      at org.apache.catalina.connector.Connector.initialize(Connector.java:1059)
      at org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
      at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:792)
      at org.apache.catalina.startup.Catalina.load(Catalina.java:518)
      at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
      at java.lang.reflect.VMReflection.invokeMethod(VMReflection.java)
      at java.lang.reflect.Method.invoke(Method.java:317)
      at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
      at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
--------------------------------------

Does Tomcat 6.0.x support SSL implementation? Is it possible to make the Tomcat understand both SSL and TLS protocols so that all the browsers are supported? It seems to be critical to make the application

I use the certificate in the format of PKCS12, created via openssl tool.

Did anyone else face a similar kind of problem in this regard?

Thanks,
Suresh

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]