Yeah, I think you're running into a client side problem. You'll need to
configure your client software (Java?) to default to TLSv1.2 instead of
TLSv1. My testing suggests that Java7 clients default to a TLSv1
handshake. You could also try to upgrade your client to Java8.
Andy
On Tue, 25 Oct 2016, Guru Prashanth Thanakodi wrote:
Hi Andy
I have removed TLS v1 from server.xml. JRE for JBOSS is 1.7.0.79. Looks
like I will have move to minor version 95 and use https.protocols and
jdk.tls.client.protocols.
<Connector SSLEnabled="true" clientAuth="false"
keystoreFile="C:\EMC\AppSync\jboss\standalone\configuration\cas.jks"
maxThreads="150" port="8444"
protocol="org.apache.coyote.http11.Http11Protocol" scheme="https"
secure="true" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"/>
Thanks
Guru
Thanks,
Guru
On Tue, Oct 25, 2016 at 12:35 AM, Andrew Morgan <[email protected]> wrote:
Java 7 supports TLS v1.0, v1.1, and v1.2. See:
https://blogs.oracle.com/java-platform-group/entry/diagnosin
g_tls_ssl_and_https
What did you change on the CAS Server (Tomcat) to disable other versions
of TLS?
Thanks,
Andy
On Sun, 23 Oct 2016, Guru Prashanth Thanakodi wrote:
Hi All
Can someone help me here? How to change the JASIG client to communicate
using TLS v1.2 mode
Thanks
Guru
Thanks,
Guru
On Fri, Oct 21, 2016 at 12:38 PM, Guru Prashanth Thanakodi <
[email protected]> wrote:
Attaching the stack trace of the failure.
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert:
handshake_failure
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
[jsse.jar:1.7.0_79]
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
[jsse.jar:1.7.0_79]
at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
[jsse.jar:1.7.0_79]
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
[jsse.jar:1.7.0_79]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
Source)
[jsse.jar:1.7.0_79]
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
[jsse.jar:1.7.0_79]
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
[jsse.jar:1.7.0_79]
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
[rt.jar:1.7.0_79]
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnectio
n.connect(Unknown
Source)
[rt.jar:1.7.0_79]
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown
Source)
[rt.jar:1.7.0_79]
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputS
tream(Unknown
Source)
[rt.jar:1.7.0_79]
at org.jasig.cas.client.validation.Saml11TicketValidator.
retrieveResponseFromServer
(Saml11TicketValidator.java:216) [cas-client-core-3.2.1.jar:3.2.1]
On Friday, 21 October 2016 12:32:49 UTC+5:30, Guru Prashanth Thanakodi
wrote:
Hi All
We have CAS 3.4.11 deployed on Apache Tomcat 7. Our Application is
deployed on JBOSS 7.1.
If we disable the TLS 1.0 communication in JASIG CAS Sever(Apache
Tomcat)
, We are unable to login.
Here is the stack trace
Thanks,
Guru
--
CAS gitter chatroom: https://gitter.im/apereo/cas
CAS mailing list guidelines: https://apereo.github.io/cas/
Mailing-Lists.html
CAS documentation website: https://apereo.github.io/cas
CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/a/ap
ereo.org/group/cas-user/
.
To view this discussion on the web visit https://groups.google.com/a/
apereo.org/d/msgid/cas-user/baafd574-9319-4c55-8f08-
536b8ca21705%40apereo.org
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/baa
fd574-9319-4c55-8f08-536b8ca21705%40apereo.org?utm_medium=
email&utm_source=footer>
.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/M
ailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/ap
ereo.org/d/msgid/cas-user/CAJPPnqC6Rm3bQUNF%3DH-qunSb5VMNBG2
o4eWt%3D13NsejOJWBksg%40mail.gmail.com.
