-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Dave,
On 7/9/14, 6:53 AM, Utkarsh Dave wrote: > We are running Tomcat 6.0.37 and Java JDK 1.6.0_60 We recently > upgraded to JDK 1.6.0_75 and recieved below error at several > places javax.net.ssl.SSLException: Fatal Alert received: Handshake > Failure In what component? Tomcat's connector, or something in your web application that makes an HTTPS connection to another service? Why not move up to a supported version of the JVM? > We debugged and after analysis found that if we remove below 3 > ciphers suits from server.xml file > > TLS_RSA_WITH_AES_256_CBC_SHA > > TLS_RSA_WITH_AES_128_CBC_SHA > > SSL_RSA_WITH_3DES_EDE_CBC_SHA > > > The error is no more seen. So explicitly removing those ciphers fixes things? Please show your <Connector> configuration (minus any passwords) for both the working and non-working configurations. > I need your opinion in order to proceed with the changes. > > 1.What will be the effect of removing these cipher? Clients will be unable to connect using those ciphers. > 2. Found this link on ciphers > > http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html > > > > The cipher codes I mentioned above have been marked as 'X'. You might have to find out the exact support for those ciphers in various patch-levels of the JVM. I would imagine that later versions of th eJVM would support *more* ciphers and not fewer, but I may be wrong. > Most of the cipher codes mentioned in my server.xml are marked as > 'X'. So I am confused as to am I on correct path of removing these > problematic cipher from server.xml or not. I think something else might be going on, here. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTxTOhAAoJEBzwKT+lPKRY3NUP/j8tiEQioP2c7AM/p3Tdh6qL bY1dCblRTFd83zDFnZsItOp1zMY4XguLl+PhbDGzqJ0uFBhxJ6+w7O0f8UwnB9Cz gYtniqOwK4yaJhrlZSAVlu/4+tumqaJCBek0STiw/4rYixSuWYqi4468I3BXHYlz 4VZ8eCLzepIN7XIy/7pf0cw6tz83x/FPA39+zPc17zoST66ekPunluyKHZpdpssI J/PTSRqhmkOh473WfcLUUetTIrdjttw6GfiXfuGnprkOfL9fWOCT6ENSzn6PSTWX JlBXaDuBj2hFsb6xJh8zpDtDxUbqdWuBPXUQxAwS7dL8/x0TMh2I3LK8jps+pqtR qPbltj5xtSUOzYBRSX/NvJVP3WzWh3o+Nh0LfAFS82etqJjnsm1bKAN40FRdUIW3 nTN1Pg9FvL4GmhVIBECty4SfV/OV00yroseTO4njgCQ/OTobWiwOEy/YK1K6JQSR qlkVExbQBdl0mgDTRGDm9mQFAsOHLMY3N3ANvwUdr7NbZTfMQYvAYpCLFQjmsTNe OG1Z2PT9hXD3DkGHrWPM9maKTcSw5wPOiIdqYAT+ESdA2fIsqNuvAVTdCaHr9xwc N/le3z57IaSuFJ+iTn7cjf/cEbIUkshSjZvABRNoqY3bfNpyp4GjRIssrWHH0U8h 4NR+XXijazypm1M2tRex =+h3T -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
