-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Ron,
On 9/21/16 11:58 AM, Roskens, Ronald wrote: >> -----Original Message----- From: Christopher Schultz >> [mailto:ch...@christopherschultz.net] Sent: Wednesday, September >> 21, 2016 9:40 AM To: Tomcat Users List Subject: Re: TLS 1.2 >> Handshake on Tomcat 7.0.39 Getting Internal Error: Key format >> must be RAW >> > > <snipped> > >> This may be the most promising page on the Internet, but of >> course Red Hat wants you to pay to read it: >> >> https://access.redhat.com/solutions/1309153 >> >> I can't see the "verified solution", or I'd reprint it here >> without permission :) > > The resolution says to either disable TLS 1.2 or FIPS mode. > > The root cause is the PKCS#11 implementation included in Java 7 and > 8 does not support TLS 1.2 when in FIPS mode as documented in > OpenJDK bug JDK-8029661 > (https://bugs.openjdk.java.net/browse/JDK-8029661) > > See also: > https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/F IPS.html Thanks > for posting this. Good old FIPS: hobbling real security since 1994. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJX4ro3AAoJEBzwKT+lPKRYuwMQALHX2Gcr3u5FH40Gb+PwLPK6 X4ZHDaTCIU8SFO8O4CxSAIBtwAyGr9s4KiHBFghthvxflAXZ7X8IBZVG7Ja/q+jM EADuBgbc5YoPJZSvCU3LcWLU4eugIwT0S6u/B1wdwOOQk7ju6/K5pSk3zhs8SPYC LcdffnxsfoVDUjNy3EMnI6nNhJx4eaauIlQRMqloq94ldENilurx/5zigvE6i0jd QAGY8/GXodTL4pTOAbvdjpYBtPkP5obts4iG4YV7YDrVkiBq8UarrqoUKHFceu6k IRpHo6e2JKGRjHgfn8OQReByzIz3iv5K4GdTvj8LJ1E9nmxAFAvXl8Vk2EEeovNb PzDpaMpg7wEsz+psszwDTlm1rwZp72XUV/wTpV9Rjb6aJMDzvaVIqAEHmluaPj/2 hqVdkmtQl9dTzbJhKoSUk2eqyooXu25IR+f7wfmVPxjgFLOPCDC1YkrAODJHkAUk KbP+mSJ6H0+VW6pcIXgfexCqlmzAhKQt3xy/ZNLwEdZZ1z+OJbPsfI0LnSE52TlT xuZKsQHImJQLXdtBgxAFlk2aLXZz4xq5pJvKdGlDOw/Z5NkvAmU36x8BIbbAALq6 cT4zk77DUGpup0DFOAruKKmhThxP8/rbo53zv2HlNEz6aObANCetH7KMko/Jiu2m LeDfOCGtPdFFJeKK/RGG =XRch -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
