> -----Original Message-----
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Wednesday, September 21, 2016 9:40 AM
> To: Tomcat Users List
> Subject: Re: TLS 1.2 Handshake on Tomcat 7.0.39 Getting Internal Error: Key
> format must be RAW
>
<snipped>

> This may be the most promising page on the Internet, but of course Red Hat
> wants you to pay to read it:
>
> https://access.redhat.com/solutions/1309153
>
> I can't see the "verified solution", or I'd reprint it here without
> permission :)

The resolution says to either disable TLS 1.2 or FIPS mode. The root cause is that the PKCS#11 implementation included in Java 7 and 8 does not support TLS 1.2 when in FIPS mode, as documented in OpenJDK bug JDK-8029661 (https://bugs.openjdk.java.net/browse/JDK-8029661).

See also: https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/FIPS.html

Ron