-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Jaya,
On 12/20/13, 2:13 PM, jaya ravindran wrote: >> Tried with -ssl3. Got back the following SSL handshake has read >> 3426 bytes and written 284 bytes --- New, TLSv1/SSLv3, Cipher is >> EDH-RSA-DES-CBC3-SHA Server public key is 1024 bit You really need to increase the size of your public key. 1024 bits is considered dangerous these days. Recently, Microsoft Windows (finally!) issued an update that requires all SSL/TLS connections to have >1024 bit key sizes. Any chance you're being bitten by that? These days, I wouldn't use anything less than a 4096-bit server key. Can you re-create your key, cert, etc.? The output of s_client shows you have a self-signed certificate so you shouldn't have any problem doing that. Perhaps it will fix everything. (?) >> Secure Renegotiation IS supported SSL-Session: Protocol : SSLv3 >> Cipher : EDH-RSA-DES-CBC3-SHA Session-ID: >> 52B4960B812952824F26DCA6DB67455143F624E615D1CAADA39E2831676944C7 >> Session-ID-ctx: Master-Key: >> A871539A23FD30DB1336B8B95AF50026DEDC0ADA79B80706E9B8CAA5E59E90AFAA2BEC8FA60FCCF32C0415EEA4D6F21B >> >> Key-Arg : None >> Start Time: 1387566603 Timeout : 7200 (sec) Verify return code: >> 19 (self signed certificate in certificate chain) The "verify return code" is different -- not sure what the difference between 18 and 19 is -- but otherwise things look okay to me. Is the site public? If so, can you email me the URL privately and I can take a look? - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJStJ3iAAoJEBzwKT+lPKRY6hgP/2JxByzzNVwsAOowrzBVV8z3 nqP6DC8j+UoFsHBes946ofAi8o2uc7TIJ/TTW4ylf7OIc4sTGOV6X9pn68lHR4io 3ZzMgBHbuSAmVazVNa+7Syy1LkxfzT6fnD8NXF70M10r0XUTVJRGVBRqMbhxdAsj 4swWydanJz0Yjqbbn4vWZnvIMuwa4cKUCyLOwvKZwWTjtXqfZj3z7n6eiyHt9kBN Mo2BCrJpG52OBesELkTWZuawFm3Wpar0KaDm+34ve139lf2IOqqwoW3uXyLYfRTM BR0/2OxxY/KxwHUgsllgk6yOmKsdxvphAAVJKTWdl3J0I0EpaSvXBDXnJGGes6cl 6yhpITtmjx9xbrRuWWqvie5QWiZ3PxwoR8lsOR1tbLxeRSxgGsQ1KtjV5YSsmfb/ n3D/jhYevUYurE59gAjOSQqpLF+LYTVqhM4lNVGaGTMkDissCC/w9TIzZoJPK7UL d/Dh9+cpN2U0IqpV7QMwDu38rLetR+KqZYolFoTTdHBgc/q7R9r2y1vTdihK2NgL JJ98TQXRJ1v8iqfWenRSBgwFvCPzeATskYphxZHl3ANPQK218BlOUrc8TJTU5Dip 9d6VWlKdSqVgpzc/2FYhe9QoP9KlFj96NqlSw54Fw+g+zjD7VAILLrYX1GLWSd3t EkRYC/2aSmjZQu87Fb2P =y0Tn -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
