[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tomcat-user
Subject:    Re: APR connector does not work with SSL for Java 6 clients?
From:       Christopher Schultz <chris () christopherschultz ! net>
Date:       2013-08-25 18:27:49
Message-ID: 521A4CA5.3040000 () christopherschultz ! net
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Jesse,

On 8/25/13 1:08 PM, Jesse Barnum wrote:
> On Aug 25, 2013, at 9:58 AM, Michael-O <1983-01-06@gmx.net> wrote:
> 
>> 1. Did you configure mod_ssl and APR Connector the same way?
> I'm not sure how to make sure that they are configured
> identically. The syntax in server.xml is not identical to the
> syntax in apache2.conf. For example, in Apache's ssl.conf file, the
> directive: SSLProtocol all -SSLv2
> 
> Does not work the same way in server.xml. In my connector element,
> I tried setting an attribute SSLProtocol="all -SSLv2", but that 
> wouldn't parse at startup. I've tried SSLProtocol="TLSv1+SSLv3"
> and SSLProtocol="ALL", and they all fail with a connection reset
> message on the client. I also tried setting
> SSLCipherSuite="HIGH:!ADH" as you recommended, as well as
> "HIGH:MEDIUM:!aNULL:!MD5" which is the way I have it in Apache (the
> default value), but that didn't make any difference.

Try posting both your httpd.conf and server.xml configurations (i.e. the
relevant stuff, not the whole thing).

You might want to review
http://tomcat.apache.org/tomcat-7.0-doc/config/http.html --
specifically the "SSLProtocol" attribute which lists the acceptable
values. Hint: your attempts above are not supported.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSGkylAAoJEBzwKT+lPKRYQmIP/R08IFCNU7HqBWUjfBiWQY7u
xT/25q8XALJSk/qe0JT3Cw2y+xtbknM4NFZMle/6SersuHZpM8w2FWr7Xesqj42n
pUxhT8/7STtsJrqPgk6Y9HoY9iQOS2UgVBh2pg6001orjZJGhHlZ0I4kllu8MlSd
0AndQdAjolHKnC3E1azhx5jNNujnL7qfIZ5xUtg1v5iietcGcnThKzKeGex9coE2
msDJTBFjDOH0KwU7Kri5j9AoT4mrRihPGWTQoQC7ml5UgCc6nnq2V0x0iIIv2x3x
QS6CXVRL5K2rIU9WnCNYX7HUT/PvreUu0/UKM6V+5YdxY6iCdp0iIgtRiLtq/1WK
FJu5d/241tKaiaXw0cYdN1caU5crovFdM/gYf7dqmPntGM8rW3fnQQyCfH6epSaR
JfhytitMnEBr2hI2EQRZUSFq6iM1qn/NHj8mVUhFK2YwSWOwMyvz+syEWzCAb/5D
z4uL90UloK3etCQH/ep0dpHKCmISlyXRDprdqP42/qMCAa48ejr+3rLQH8Jp74Qv
iqnEdNyccnnpwZp4fZXRxAoU/pSaFAQ1A527/Tjw4a8PkJwKgKoJGLDe/O0b6YHf
ZnoOJqKzPjhyZw/WBs8eg0daJAjJHYsYfPpFSnLyFEIH7AxqTvA702WyDOrYaShH
GoFWn67XT+MZpGocEtwP
=Dvf8
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

[prev in list] [next in list] [prev in thread] [next in thread]