-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Kobe,
On 11/8/11 2:01 PM, Kobe wrote:
> thank for your help. here is more info on my setup: tomcat version
> 6.0.29. And tomcat is startin clean; no ererors while loading.
>
> if I use tls1, I get same error as before ("bad version").
>
> when i test with openssl s_client, I check line 293 of s3_pkt.c. it
> say -->
>
>
> if ((version>>8) != SSL3_VERSION_MAJOR) {
>
> SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); goto
> err; }
>
>
>
> so client is wanting ssl version 3. But i have same error with
> browser. i donot/cannot find what version browser wants - i Think
> it is 3.
Your web browser likely has SSL 2.0 disabled entirely. You should
check which types of SSL/TLS are enabled.
> So I am thinking, there is misconfigure on this server. i would
> like to find why this server respond with SSLv2 ClientHello instead
> of SSLv3 ClientHello.
Why do you think you are getting an SSLv2 reply?
> how do i find this misconfigurn?
Are you using the same version of openssl as the "client" as you are
using withing Tomcat? I wonder if the FIPS mode is tripping you up.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk65274ACgkQ9CaO5/Lv0PAcfwCeI/nP0CP5Y8Jj1q/1Im/9ef9Y
tZQAnial2UmsG5FSBSkSclenImxf5YR+
=vgDW
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
