Re: SSL connect to APR fails - "bad version"

Sun, 06 Nov 2011 05:16:07 -0800 

Kobe wrote:

I build tcnative and apr from src with exist ver of openssl (means openssl
not
build my me). I load apr connector in tomcat as below.
when my client connect, I cannot connect: i get "bad version". please explain what I do wrong? 


server# ./apr-1-config  --version
1.4.5
server#
server# openssl version
OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
server#



  /// APR Connector Configuration in Tomcat6
 <Connector port="443"
    protocol="org.apache.coyote.http11.Http11AprProtocol"
    enableLookups="false" disableUploadTimeout="true"
    acceptCount="100" scheme="https" secure="true"
    SSLCertificateFile="server_certificate.pem"
    SSLCertificateChainFile="cachain.pem"
    SSLCertificateKeyFile="server.key"
  />




$ openssl s_client -connect server.xxx.net:443 -debug -ssl3
CONNECTED(00000003)
write to 0x100119470 [0x100815e00] (95 bytes => 95 (0x5F))
0000 - 16 03 00 00 5a 01 00 00-56 03 00 4e b5 d4 3e 2d   ....Z...V..N..>-
0010 - 57 eb 94 3c f8 0f a0 55-76 75 21 7c b3 f1 37 6f   W..<...Uvu!|..7o
0020 - 99 2b 68 7c 65 b7 c9 2c-f6 1f dd 00 00 2e 00 39   .+h|e..,.......9
0030 - 00 38 00 35 00 16 00 13-00 0a 00 33 00 32 00 2f   .8.5.......3.2./
0040 - 00 9a 00 99 00 96 00 05-00 04 00 15 00 12 00 09   ................
0050 - 00 14 00 11 00 08 00 06-00 03 00 ff 02 01         ..............
005f - <SPACES/NULS>
read from 0x100119470 [0x100811400] (5 bytes => 5 (0x5))
0000 - 48 54 54 50 2f                                    HTTP/
write to 0x100119470 [0x10081b800] (7 bytes => 7 (0x7))
0000 - 15 03 00 00 02 02 28                              ......(
44414:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
number:/SourceCache/OpenSSL098/OpenSSL098-35.1/src/ssl/s3_pkt.c:293:
$ 
Hi.
I don't know if other members of this list will be as puzzled as I am, but it is not clear to me what you are trying to achieve. I mean that Tomcat is in principle a web server, normally answering web browser requests (via HTTP or HTTPS). What are you trying to do when you access it with the above type of client, and what are you sending to Tomcat, and why ? 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to