On 12/11/2010 16:27, Goo Sam Kong wrote:
> Hi
>
> I am running Tomcat 6.0.29 with JDK 1.6.0_22 on Windows XP.

APR/native connector version? SSL re-negotiation wasn't supported until
recently and the CVE-2009-3555 fixes further complicate things.

> <Connector SSLCACertificateFile="C:\usr-files\client-cert-ca.crt"
>     SSLCertificateFile="C:\usr\tomcat\tomcat.crt"
>     SSLCertificateKeyFile="C:\usr\tomcat\tomcat.key"
>     SSLCipherSuite="AES128-SHA:DES-CBC3-SHA"
>     SSLEnabled="true"
>     SSLEngine="on"
>     SSLVerifyClient="optional"
>     maxThreads="150"
>     port="8443"
>     protocol="HTTP/1.1"
>     scheme="https"
>     secure="true"
>     sslProtocol="TLS" />

Is SSLEngine a valid attribute here? I don't see it in the Connector docs.

SSLVerifyClient="optional" can (should?) be removed.

Is that SSLCipherSuite compatible with your client? Try removing that
setting until everything else is working.

The following settings are known to work:

<Connector port="8443"
    protocol="org.apache.coyote.http11.Http11AprProtocol"
    SSLEnabled="true"
    maxThreads="150"
    scheme="https"
    secure="true"
    SSLCertificateFile="${catalina.base}/conf/tomcathost-cert.pem"
    SSLCertificateKeyFile="${catalina.base}/conf/tomcathost-key.pem"
    SSLCACertificateFile="${catalina.base}/conf/cacert.pem" />

Mark
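A lint for the attribute mix-up discussed in this message, added here as an example (it is not code from the thread or from Tomcat): it flags Connector attributes that do not belong to the APR SSL set. The attribute sets are an assumption based on the Tomcat 6 HTTP connector documentation, and `lint_connector` is a hypothetical name.

```python
import xml.etree.ElementTree as ET

APR_PROTOCOL = "org.apache.coyote.http11.Http11AprProtocol"
# Assumption: SSL attributes of the APR/native connector (Tomcat 6 docs).
APR_SSL = {"SSLProtocol", "SSLCipherSuite", "SSLCertificateFile",
           "SSLCertificateKeyFile", "SSLCertificateChainFile", "SSLPassword",
           "SSLVerifyClient", "SSLVerifyDepth", "SSLCACertificateFile",
           "SSLCACertificatePath", "SSLCARevocationFile", "SSLCARevocationPath"}
# Assumption: SSL attributes of the JSSE (BIO/NIO) connectors.
JSSE_SSL = {"sslProtocol", "ciphers", "clientAuth", "keystoreFile",
            "keystorePass", "keystoreType", "keyAlias", "truststoreFile",
            "truststorePass", "truststoreType", "algorithm"}

# The two Connector elements from the message above.
POSTED = r'''<Connector SSLCACertificateFile="C:\usr-files\client-cert-ca.crt"
  SSLCertificateFile="C:\usr\tomcat\tomcat.crt"
  SSLCertificateKeyFile="C:\usr\tomcat\tomcat.key"
  SSLCipherSuite="AES128-SHA:DES-CBC3-SHA" SSLEnabled="true" SSLEngine="on"
  SSLVerifyClient="optional" maxThreads="150" port="8443"
  protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS" />'''
KNOWN_GOOD = r'''<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
  SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
  SSLCertificateFile="${catalina.base}/conf/tomcathost-cert.pem"
  SSLCertificateKeyFile="${catalina.base}/conf/tomcathost-key.pem"
  SSLCACertificateFile="${catalina.base}/conf/cacert.pem" />'''

def lint_connector(xml_text):
    """Return sorted (attribute, note) findings for one <Connector> element."""
    attrs = ET.fromstring(xml_text).attrib
    uses_apr = any(name in APR_SSL for name in attrs)
    findings = []
    for name in attrs:
        if name == "SSLEngine":
            findings.append((name, "set on AprLifecycleListener, not on a Connector"))
        elif name.startswith("SSL") and name != "SSLEnabled" and name not in APR_SSL:
            findings.append((name, "not a documented APR SSL attribute"))
        elif name in JSSE_SSL and uses_apr:
            findings.append((name, "JSSE attribute mixed with APR attributes"))
    if uses_apr and attrs.get("protocol") != APR_PROTOCOL:
        findings.append(("protocol", "APR is used only if the native library "
                         "loads; name the APR class to make it explicit"))
    return sorted(findings)

if __name__ == "__main__":
    for attr, note in lint_connector(POSTED):
        print(f"{attr}: {note}")
```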