-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Stu,
On 3/5/15 2:23 AM, Stu Smith wrote: > Hello, > > I'm using the tomcat maven plugin to deploy to an SSL-enabled host. > I've pointed maven at copy of the keystore used on the tomcat > server itself, so all the keys should be there. Also, I enabled > java.net.ssl.debug=all, and confirmed the public key, intermediate > cert, and CA cert are loaded. Yet, with TLSv1.2 on the server, the > handshake failed at this point: > > 0070: 00 17 00 01 00 03 00 13 00 15 00 06 00 07 00 09 > ................ 0080: 00 0A 00 18 00 0B 00 0C 00 19 00 0D 00 0E > 00 0F ................ 0090: 00 10 00 11 00 02 00 12 00 04 00 05 > 00 14 00 08 ................ 00A0: 00 16 00 0B 00 02 01 00 > ........ [Raw read]: length = 5 0000: 15 03 01 00 02 > ..... [Raw read]: length = 2 0000: 02 28 > .( main, READ: TLSv1 Alert, length = 2 main, RECV TLSv1 ALERT: > fatal, handshake_failure main, called closeSocket() main, handling > exception: javax.net.ssl.SSLHandshakeException: Received fatal > alert: handshake_failure main, called close() main, called > closeInternal(true) > > I really had no idea how to interrupt the error - it's a bit > ambiguous. > > I took a wild guess that maybe it was because it was trying TLSv1, > and enabled 1.1 and 1 on the server - and it appeared to fix the > error. > > So as best as I can tell, even thought tomcat 7 supports TLSv1, the > tomcat maven plugin does not. I think? What's the configuration of Tomcat's <Connector>(s) in both the working and non-working example? What version of the JVM is in use? > My two main questions would be: > > - is there a better way to debug this issue? - is there a way to > enabled TLSv1.2 support in the tomcat maven plugin? > > The maven plugin is version 2.2, maven is 3.0.4 The server is > tomcat 7. What about the JVM being used with Maven? Can you try running this tool against your server? http://markmail.org/thread/tz4z44nfjl7sy2lj - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJU+IWnAAoJEBzwKT+lPKRYwDIP/27+p8e6NAdn7qodRKO+WRlr ofecmUEk2OIxDz3V3NXMa6ZPBBkpnvEJ0snd8WuXDuLUjqsfy4SZpTnWuV2cx5Vh V84JJAnRN2aH3MIm9X+Qi8X4msrdmWg2ZBmU4yf+rNOuX9Uz1OO2kic9kBjRa/WF R7sZj4NUrdBag9d4WKCGt7gmUvFVSrmWmEAjof2fi/5FsSyqhT4Jue/J76RDIrGH HmRQXBrLyngUqExrVGlCbzQegPvpziBNX0P8mqlSZZ90BCEHm1eB7m4dsR3/wTAD 0o1Y2cOrWbgWt34pUiSDudX77p4/ENXDpusZ3rje2b7s278C9c5l2NVUJLyLO6uz mQNc6rJL8jzMAA6wsDMeOWlHCwjMS7EJ5mlB2teH8EVIG1V1LvJrmqVSC0GWKDz4 jMVMw/dG6cGEUPPt15uVX6PVDvRPHd54eZoFy/UDNeMhhg9e+6bRcHlV8UmtcOlb ZKNtp2TA+8cdpszvab/e6t84v9e78Iwd7k4Vhl+xqXPkVngVnr9zG2PXJq2PxDNj niSPIP3oQd9A7W4ctFr0A+u60ASIvWiottN69Yv0ku25Z00e3swXO3Q3OMEmymvk qFsVHP2FK9ARBJEQbpHAOgh3Vsg0Ttx6EnwkSztMQ2augYkUSNeR+qw1ORos82M1 cNilBEoJd3EdyeAijff0 =Z+h2 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
