Brajesh, On 11/6/15 1:44 AM, Brajesh Patel wrote: > We are getting "ERR_SSL_PROTOCOL_ERROR" error while hitting any request > from browser following configuration we have: > > Tomcat:5.5 > > <property name="clientAuth" value="false"/> > <property name="keystoreFile" value="file ofbizssl.jks"/> > <property name="keystorePass" value="changeit"/> > <property name="keystoreType" value="JKS"/> > <property name="sslProtocol" value="TLS"/> > <property name="ciphers" > value="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV"/> > > Please suggest us.
A few things: 1. Tomcat 5.5 is no longer supported. Consider an upgrade to a later version. Tomcat 8.0.28 is the most recent version. 2. SSL protocol error is almost certainly caused by trying to use an SSLv3 client with a TLS-only server (or vice-versa). The server or the client might have been updated without you realizing it. Recent versions of the Java JVM have SSLv3 explicitly disabled and you'd need additional configuration to re-enable it. Can you connect to your server using the "openssl s_client" command? You may have to use the "-ssl3" or "-tls1" switches to be able to connect. -chris --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
