Re: TLS is not working in 6.0.37, 7.0.42, 7.0.47

Fri, 03 Jan 2014 05:59:08 -0800 

HI,

That was just typo error but on system it is fine and i am keep checking
logs, no warning in it

also what about following post

I just also took interest to dig this issue.

The Document which you were referring
http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native,
is clearly stated that only SSLv2, SSLv3, TLSv1 is support by SSLProtocol
Attribute.

SSLCipherSuite will only be supported cipher available in SSLv2,SSLv3,
TLSV1.

TLSv1.1 and TLSV1.2 supported Cipher can't be invoked until TLSv1.1 and
TLSv1.2 is enabled.see the supported Cipher list on TLSV1.2 on openssl link.
http://www.openssl.org/docs/apps/ciphers.html#TLS_v1_2_cipher_suites

I am happy to see if someone enabled below ciphers without enabling the
TLSv1.2

 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256    ECDH-ECDSA-AES128-SHA256
 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384    ECDH-ECDSA-AES256-SHA384
 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256    ECDH-ECDSA-AES128-GCM-SHA256
 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384    ECDH-ECDSA-AES256-GCM-SHA384




On Fri, Jan 3, 2014 at 6:00 PM, David kerber <dcker...@verizon.net> wrote:

> On 1/3/2014 3:28 AM, Mudassir Aftab wrote:
>
>> Hi,
>>
>> Sorry for asking u same thing again and again, i have tried many things
>> from above document, but nothing works for me, also no errors in the log
>>
>>     <Connector port="8443"
>> protocol="org.apache.coyote.http11.Http11AprProtocol"
>>             maxThreads="200"
>>             clientAuth="false"
>>             ciphers="ECDH-ECDSA-AES128-GCM-SHA256"
>>             scheme="https" secure="true" SSLEnabled="true"
>>             SSLCertificateFile="/home/mudassir/pay/p.pem"
>>             SSLCertificateKeyFile="/home/mudassir/p-key.pem"
>>             SSLCACertificateFile="/home/mudassir/AdminCA1.pem" />
>>
>>    SSCipherSuit="ECDH-ECDSA-AES128-GCM-SHA256"
>>
>> I really appreciate your help
>>
>>
> If what you list here is what is really in your config file, you're not
> proofreading your configuration entries very well.  You have SSLCipherSuite
> misspelled (two missing letters), and it's not inside the connector
> configuration entry.
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Reply via email to