Igor, Thank you for the response!
Since the request is failing at SSL handshake, Tomcat doesn’t even record anything not even the access log. I tried enabling debug at tomcat but nothing is captured during the request initiation. Thank you, Vamsi Gali -----Original Message----- From: Igor Cicimov [mailto:icici...@gmail.com] Sent: Wednesday, October 11, 2017 4:09 AM To: Tomcat Users List Subject: Re: FW: [error] SSL0266E: Handshake Failed, Could not establish SSL proxy connection On 11 Oct 2017 1:50 am, "Gali, Vamsi A" <vamsi_a_g...@keybank.com.invalid> wrote: Hello, Any help is appreciated on this issue. Thank you, Vamsi Gali -----Original Message----- From: Gali, Vamsi A Sent: Thursday, October 05, 2017 12:03 PM To: 'Tomcat Users List' Subject: RE: [error] SSL0266E: Handshake Failed, Could not establish SSL proxy connection Hello, I just realized that I didn’t provide the environment info & following are the details: Tomcat: apache-tomcat-7.0.75 IHS: HIS v8.5.5.x OS: RHEL We have IHS→mod_proxy(on IHS) → Tomcat. I know that IHS isn’t the suggested webserver to use with Tomcat but it’s in use. [error] SSL0266E: Handshake Failed, Could not establish SSL proxy connection When Tomcat is accessed through webserver url, it throws ‘500’ with the following stack on the IHS Error log: [Thu Oct 00 09:20:20 2017] [debug] proxy_util.c(2313): proxy: HTTPS: fam 2 socket created to connect to TOMCAT2 [Thu Oct 00 09:20:20 2017] [debug] proxy_util.c(2419): proxy: HTTPS: connection complete to TOMCAT-IP:PORT (TOMCAT2) [Thu Oct 00 09:20:20 2017] [error] SSL0266E: Handshake Failed, Could not establish SSL proxy connection. [Thu Oct 00 09:20:20 2017] [info] [client TOMCAT-IP] [7fa404014a60] [13789] SSL0240I: SSL Handshake Failed, Socket has been closed. Client sent fatal alert [level 2 (fatal), description 40 (handshake_failure)] [TOMCAT-IP:PORT -> IHS:PORT] [09:20:20.000967434] 0ms [Thu Oct 00 09:20:20 2017] [debug] [client TOMCAT-IP] [7fa404014a60] Handshake transcript: [Thu Oct 00 09:20:20 2017] [debug] [client TOMCAT-IP] <client_hello> [Thu Oct 00 09:20:20 2017] [debug] [client TOMCAT-IP] client_version [Thu Oct 00 09:20:20 2017] [debug] [client TOMCAT-IP] gsksslDissector_8Bits [Thu Oct 00 09:20:20 2017] [debug] [client TOMCAT-IP] 03 [Thu Oct 00 09:20:20 2017] [debug] [client TOMCAT-IP] gsksslDissector_8Bits [Thu Oct 00 09:20:20 2017] [debug] [client TOMCAT-IP] 03 [Thu Oct 00 09:20:20 2017] [debug] [client TOMCAT-IP] TLSV12 [Thu Oct 00 09:20:20 2017] [debug] [client TOMCAT-IP] random [Thu Oct 00 09:20:20 2017] [debug] [client TOMCAT-IP] gsksslDissector_32Bits [Thu Oct 00 09:20:20 2017] [debug] [client TOMCAT-IP] 9xxxxxx [Thu Oct 00 09:20:20 2017] [debug] [client TOMCAT-IP] gsksslDissector_Opaque [Thu Oct 00 09:20:20 2017] [debug] [client TOMCAT-IP] Length: 28 [Thu Oct 00 09:20:20 2017] [debug] [client TOMCAT-IP] 1x 62 xx B3 1F 44 xx 8E D2 xx x7 17 xx 59 x9 x9 .b...D...)...Y.. [Thu Oct 00 09:20:20 2017] [debug] [client TOMCAT-IP] x1 91 19 08 25 xx DC xx E1 xx 20 xx ....%..o.9 x [Thu Oct 00 09:20:20 2017] [debug] [client TOMCAT-IP] session_id [Thu Oct 00 09:20:20 2017] [debug] [client TOMCAT-IP] Length: 00 [Thu Oct 00 09:20:20 2017] [debug] [client TOMCAT-IP] cipher_suites [Thu Oct 00 09:20:20 2017] [debug] [client TOMCAT-IP] Length: 14 [Thu Oct 00 09:20:20 2017] [debug] [client TOMCAT-IP] 0x Fx x6 00 00 xx 00 xx 00 xx 00 xx 00 xx ..V..../.5.... [Thu Oct 00 09:20:20 2017] [debug] [client TOMCAT-IP] tls_ri_scsv,tls_fallback_scsv,tls_rsa_with_rc4_128_sha,tls_ rsa_with_aes_128_cbc_sha,tls_rsa_with_aes_256_cbc_sha,tls_ rsa_with_3des_ede_cbc_sha,tls_rsa_with_rc4_128_md5 [Thu Oct 00 09:20:20 2017] [debug] [client TOMCAT-IP] compression_methods [Thu Oct 00 09:20:20 2017] [debug] [client TOMCAT-IP] Length: 01 [Thu Oct 00 09:20:20 2017] [debug] [client TOMCAT-IP] 00 . [Thu Oct 00 09:20:20 2017] [debug] [client TOMCAT-IP] Extensions [Thu Oct 00 09:20:20 2017] [debug] [client TOMCAT-IP] Length: 00 [Thu Oct 00 09:20:20 2017] [debug] [client TOMCAT-IP] Extension Count: 0 [Thu Oct 00 09:20:20 2017] [debug] [client TOMCAT-IP] end handshake transcript [Thu Oct 00 09:20:20 2017] [debug] proxy_util.c(2442): proxy: HTTPS: pre_connection setup failed (500) [Thu Oct 00 09:20:20 2017] [debug] proxy_util.c(2022): proxy: HTTPS: has released connection for TOMCAT2 ------------------------------------------------------------ ------------------------------------------------------------ -------------------------- What’s done: IHS & Tomcat keystores contain required signers for proper communication. During the troubleshooting, I even added IHS server cert as a signer into Tomcat keystore and vice-versa but cannot get rid of this error. Also, tried restricting both IHS & Tomcat to use TLSv1 but no success. Has anyone ran into similar issues? Or ever tried Tomcat with IHS using mod_proxy module? Thank you, Vamsi Gali This communication may contain privileged and/or confidential information. It is intended solely for the use of the addressee. If you are not the intended recipient, you are strictly prohibited from disclosing, copying, distributing or using any of this information. If you received this communication in error, please contact the sender immediately and destroy the material in its entirety, whether electronic or hard copy. This communication may contain nonpublic personal information about consumers subject to the restrictions of the Gramm-Leach-Bliley Act. You may not directly or indirectly reuse or redisclose such information for any purpose other than to provide the services for which you are receiving the information. 127 Public Square, Cleveland, OH 44114 If you prefer not to receive future e-mail offers for products or services from Key send an e-mail to mailto:dnereque...@key.com with 'No Promotional E-mails' in the SUBJECT line. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Well what does tomcat log say? You can add java debug ssl option to JAVA_OPTS in the default tomcat config file maybe it will give you a clue.
