Re: Tomcat does not accept connections from Safari on iPad vs an SSL connector with JSSE ciphers

Fri, 15 Feb 2013 06:09:16 -0800 

Debugging the SSL handshake, I found that the problem is really about
ciphers because the handshake fails with exception
javax.net.ssl.SSLHandshakeException: no cipher suites in common

So, this is really something to be investigated in JSSE instead of
tomcat. I am sorry for noise in this list :-(

This is the complete log obtained with -Djavax.net.debug=all:

Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
http-192.168.1.55-8443-1, setSoTimeout(60000) called
[Raw read]: length = 5
0000: 16 03 00 00 4B                                     ....K
[Raw read]: length = 75
0000: 01 00 00 47 03 00 51 1E   33 5C CB 56 A8 58 4B 4D  ...G..Q.3\.V.XKM
0010: 34 86 04 4C CC 4E 00 A0   A8 7B 60 4E 6A 17 28 2F  4..L.N....`Nj.(/
0020: DB 51 1C 17 AE 9C 00 00   20 00 FF 00 3D 00 3C 00  .Q...... ...=.<.
0030: 2F 00 05 00 04 00 35 00   0A 00 67 00 6B 00 33 00  /.....5...g.k.3.
0040: 39 00 16 00 3B 00 02 00   01 01 00                 9...;......
http-192.168.1.55-8443-1, READ: SSLv3 Handshake, length = 75
*** ClientHello, SSLv3
RandomCookie:  GMT: 1360933724 bytes = { 203, 86, 168, 88, 75, 77, 52, 134, 4, 
76, 204, 78, 0, 160, 168, 123, 96, 78, 106, 23, 40, 47, 219, 81, 28, 23, 174,  
156 }
Session ID:  {}
Cipher Suites: [TLS_EMPTY_RENEGOTIATION_INFO_SCSV, Unknown 0x0:0x3d, Unknown 
0x0:0x3c, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, 
SSL_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_AES_256_CBC_SHA, 
SSL_RSA_WITH_3DES_EDE_CBC_SHA, Unknown 0x0:0x67, Unknown 0x0:0x6b, 
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, Unknown 0x0:0x3b, SSL_RSA_WITH_NULL_SHA, 
SSL_RSA_WITH_NULL_MD5]
Compression Methods:  { 0 }
***
[read] MD5 and SHA1 hashes:  len = 75
0000: 01 00 00 47 03 00 51 1E   33 5C CB 56 A8 58 4B 4D  ...G..Q.3\.V.XKM
0010: 34 86 04 4C CC 4E 00 A0   A8 7B 60 4E 6A 17 28 2F  4..L.N....`Nj.(/
0020: DB 51 1C 17 AE 9C 00 00   20 00 FF 00 3D 00 3C 00  .Q...... ...=.<.
0030: 2F 00 05 00 04 00 35 00   0A 00 67 00 6B 00 33 00  /.....5...g.k.3.
0040: 39 00 16 00 3B 00 02 00   01 01 00                 9...;......
http-192.168.1.55-8443-1, SEND SSLv3 ALERT:  fatal, description = 
handshake_failure
http-192.168.1.55-8443-1, WRITE: SSLv3 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 00 00 02 02 28                               ......(
http-192.168.1.55-8443-1, called closeSocket()
http-192.168.1.55-8443-1, handling exception: 
javax.net.ssl.SSLHandshakeException: no cipher suites in common
http-192.168.1.55-8443-1, called close()
http-192.168.1.55-8443-1, called closeInternal(true)
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, called close()
Finalizer, called closeInternal(true)



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to