On 2013-08-24 18:10, Jesse Barnum wrote:
I am trying to use SSL with Tomcat and an APR connector. This is
hosted on Ubuntu 13.04. I can make changes to the server, but not to
the existing Java client.

For some reason, whenever a Java 6 client connects to the Tomcat
server using SSL, it is not able to connect - the connection is reset
by the server. However, the exact same Java code can connect to the
same server on a different port hosted by Apache with SSL. In
addition, non-Java code (like curl) can connect to the Tomcat SSL
connection. I also tested with Java 7 and it works.

I have gotten this to work in Java 6 by forcing the Java client to
use the TLSv1 protocol (-Dhttps.protocols=TLSv1). However, this is
not a practical solution, because I cannot release an update at this
time for our Java clients.

Since this works with Apache on the server, it seems to me that I
should be able to make some sort of configuration change on the
server to also work with Tomcat, without needing to change the Java
clients.

In summary:
* Java 6 connecting to Tomcat APR with SSL = FAIL
* Java 7 connecting to Tomcat APR with SSL = good
* curl connecting to Tomcat APR with SSL = good

* Java 6 connecting to Apache SSL = good
* Java 7 connecting to Apache SSL = good
* curl connecting to Apache SSL = good
[...]


I had this problem months ago too. APR Connector is fine. The problem with Java 6 is that the URLConnection -- JSSE -- sends an SSLv2Hello and this breaks everything. I have restricted this for Java 6 clients at work. Java 7 does not suffer from this because this is disabled by default.

Michael
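
The SSLv2Hello mentioned in the reply above can be recognised from the first bytes a client sends. As an added example (not part of the original thread), this Python function tells an SSLv2-format hello from a ClientHello wrapped in a TLS record, following the layout in RFC 5246 appendix E.2; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Wire version (major, minor) -> protocol name.
VERSIONS = {(2, 0): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLSv1",
            (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}


def classify_client_hello(data: bytes) -> tuple:
    """Return (hello_format, highest_version_offered) for a client's first bytes."""
    if len(data) < 11:
        return ("unknown", None)

    # SSLv2-format hello (RFC 5246, appendix E.2): 2-byte length with the
    # high bit set, msg_type 1, version, then three 16-bit lengths.
    length, msg_type, major, minor, cs_len, sid_len, ch_len = struct.unpack(
        ">HBBBHHH", data[:11])
    if (length & 0x8000 and msg_type == 1
            and cs_len and cs_len % 3 == 0          # v2 cipher specs are 3 bytes each
            and (length & 0x7FFF) == 9 + cs_len + sid_len + ch_len):
        return ("SSLv2Hello", VERSIONS.get((major, minor), "unknown"))

    # TLS record: content type 22 (handshake), record version, 16-bit length,
    # then handshake type 1 (ClientHello), 24-bit length, client_version.
    if data[0] == 0x16 and data[1] == 3 and data[5] == 1:
        return ("TLS record", VERSIONS.get((data[9], data[10]), "unknown"))

    return ("unknown", None)


def sample_v2_hello() -> bytes:
    """Constructed sample: SSLv2-format hello offering TLSv1, 3 cipher specs."""
    specs = bytes.fromhex("000004" "000005" "00002f")
    challenge = bytes(32)
    body_len = 9 + len(specs) + len(challenge)
    return struct.pack(">HBBBHHH", 0x8000 | body_len, 1, 3, 1,
                       len(specs), 0, len(challenge)) + specs + challenge


def sample_tls_hello() -> bytes:
    """Constructed sample: minimal TLSv1 ClientHello in a TLS record."""
    body = (bytes([3, 1]) + bytes(32) + b"\x00"      # version, random, no session id
            + b"\x00\x02\x00\x2f" + b"\x01\x00")     # one suite, null compression
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake


if __name__ == "__main__":
    for name, raw in (("v2 sample", sample_v2_hello()), ("tls sample", sample_tls_hello())):
        print(name, classify_client_hello(raw))
```

Both samples offer TLSv1 as the highest version; only the framing of the hello differs, which is what distinguishes the two kinds of client on the wire.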
