2016-09-27 16:29 GMT+02:00 Persson, Magnus (SE-TLX)
<magnus.pers...@assaabloy.com>:
> Hi,
>
> We started out with tomcat 7.0.35 and got that running with our REST
> servlet.
>
> When we upgraded to tomcat 7.0.63 we got this error when we tried to
> create a new session:
>
> {
> "message": "[Errno 1] _ssl.c:507: error:14077410:SSL
> routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure"
> }
>
> Through Google we found out that we needed to add "SSLv2Hello" to the
> enabled protocols so we changed our connector in server.xml like this
> (only added SSLv2Hello):
>
> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
> maxThreads="150" scheme="https" secure="true"
> keystoreFile="${catalina.base}/conf/keystore"
> keystorePass="*" clientAuth="false"
> sslProtocol="TLS"
> sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1,SSLv2Hello"
> URIEncoding="UTF-8" />
>
> We upgraded to tomcat 7.0.68 and it works fine with above connector in
> server.xml
>
> When we upgraded to tomcat 7.0.70 we got the sslv3 error again even
> though we have SSLv2Hello in the enabled protocols:
>
> {
> "message": "[Errno 1] _ssl.c:507: error:14077410:SSL
> routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure"
> }
>
> What do we need to change in the server.xml file to bypass the ssl3
> error this time?
Hello:
I'm not sure but you can try these options:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#jssenames
Note that SSLv2 and SSLv3 are inherently unsafe.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
