-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 All,
On 10/13/15 5:08 PM, Christopher Schultz wrote: > George and Aurélien, > > On 10/13/15 5:06 PM, George Stanchev wrote: >> Try the dropbox location in my prev messages. It contains a >> sample echo server you can use to test. It is a Visual Studio >> 2013 project. In case you don’t have that, I've uploaded x64 >> executables under SSLServer_executbale.zip. It is pretty much >> self contained, it has the redist DLLs, the server cert, all... > >> It eliminates the need of IIS as it does the same thing - accept >> connection, read payload, upgrade to 2 way ssl... > >> It generates output like this [1] > >> The line " Decrypt error from SCHANNEL, Client ID: >> a1cefeb8-bad3-4903-8dbe-fdea347f666e" is emitted when bad record >> mac is caught on the server side... > > On 10/13/15 4:55 PM, Aurélien Terrestris wrote: >> "How do you force Java 8 to use SSLv2Hello?" > >> You can do this when writing your own Java client : calling the >> SSLSocketFactory to create an SSLSocket and configure with >> setEnabledProtocols ( > > https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLSocket.html #s > > etEnabledProtocols-java.lang.String:A- >> ) > >> If you have some IIS server on internet which reproduces the >> problem, I'll try with JTouch ( jtouch.sourceforge.net ) or write >> a small client. > > I've got a client already written. I'll post the latest code > somewhere. https://wiki.apache.org/tomcat/tools/SSLTest.java and https://wiki.apache.org/tomcat/tools/SSLUtils.java This tool only performs the SSL handshake, so it doesn't do anything at the HTTP level. It doesn't do client certificates; I'd be happy to see someone add that capability and update the code on the Wiki. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWHXaUAAoJEBzwKT+lPKRYTgcQAKdzEBtjLyCbkBBlJJObUxm0 dxAhLIFfBkcmo0IquMUJBnCHJ9hfuuhnXDvzLhvvAhfoiG8CkGfcjw79LwcL49iO +eAuz1bycFvfSoVW+ZEPIXl13n4v+t2hBYfGJJgcYefOBJBfIGLHTazmi53F9vfn zrnno6wRZkZ+JrFrzSlfMMvWnOE7Uv5ZDKw/8tv85ZTPuIIdIud8Uy0Z5J3HHgYx t5WBL3JaqLcUihIUUuibSfmw27iyfKPv6OusoVPKc9pKb+uWoLftyE4d4btVTFEV qDAdmW3XaA/1GHZ3n5szHND+EkdKkiiic7mHRgsN+4F/AH3KVoWs9+Qw9vOhO+da XgeehuKB1nfnNrhI1n4eEoYC+P162GxVqNKIsKFat38BGEZlCRaAt8UtsfhE0AvO 2gaF1k1vyYcCoXhNYF9WQLatnx1MXeAZMYw3oAZPOusDoqtGElCJfYc1K8iJayEl bBzYojkzLjFqPfJJ8tvCqBwkngNCw6MgyqVbYSMxDREQtZBa2xYGLHv9bWL0Kp+6 Q5Y3u4uks7OCGH+Usfvq82ZGnp6mnneA2jgAd0KWSJDjKcaNUWQVOirPVTFnpNmh +dUZUM/gR1CIQHoiu8i8NH9qn2jtBtDvnYRWswzJlt9tOpaxPQWwdBL86gj4cWHp aGwTUveYwOgLokoEUXHO =Iha7 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
