shibboleth-dev - RE: [Shib-Dev] OpenSSL 0.9.8j and Tomcat

Subject: Shibboleth Developers

List archive

RE: [Shib-Dev] OpenSSL 0.9.8j and Tomcat

From: "Scott Cantor" <>
To: <>
Subject: RE: [Shib-Dev] OpenSSL 0.9.8j and Tomcat
Date: Thu, 5 Feb 2009 08:56:11 -0500
Organization: The Ohio State University

Kaspar Brand wrote on 2009-02-05:
> If you add "disable-tlsext" to the OpenSSL config command and recompile,
> does the error disappear?

That'll take me some time to try, but...

> With the s_client commannd (from a "stock"
> 0.9.8j version), you could also try "-no_ticket" and see if that helps
> (will disable one of the TLS extensions, which might be the culprit here).

Yep. That appears to fix it (just from s_client of course).

I don't know if there's any way to get libcurl to match that option's
behavior. I suspect the extension disabling will work around it as you
suggest, if/when rebuilding is an option.

Sounds like a probable bug in the Java server code though.

Thanks,
-- Scott

OpenSSL 0.9.8j and Tomcat, Scott Cantor, 02/04/2009
- Re: [Shib-Dev] OpenSSL 0.9.8j and Tomcat, Kaspar Brand, 02/05/2009
  - RE: [Shib-Dev] OpenSSL 0.9.8j and Tomcat, Scott Cantor, 02/05/2009
    - Re: [Shib-Dev] OpenSSL 0.9.8j and Tomcat, Kaspar Brand, 02/05/2009
      - RE: [Shib-Dev] OpenSSL 0.9.8j and Tomcat, Scott Cantor, 02/05/2009
      - RE: [Shib-Dev] OpenSSL 0.9.8j and Tomcat, Scott Cantor, 02/05/2009
- Re: [Shib-Dev] OpenSSL 0.9.8j and Tomcat, André Cruz, 02/05/2009
  - RE: [Shib-Dev] OpenSSL 0.9.8j and Tomcat, Scott Cantor, 02/05/2009
    - Re: [Shib-Dev] OpenSSL 0.9.8j and Tomcat, André Cruz, 02/05/2009
      - Re: [Shib-Dev] OpenSSL 0.9.8j and Tomcat, André Cruz, 02/06/2009
        
        Re: [Shib-Dev] OpenSSL 0.9.8j and Tomcat, Kaspar Brand, 02/06/2009
    - Re: [Shib-Dev] OpenSSL 0.9.8j and Tomcat, André Cruz, 02/05/2009
      - RE: [Shib-Dev] OpenSSL 0.9.8j and Tomcat, Scott Cantor, 02/05/2009

List archive

RE: [Shib-Dev] OpenSSL 0.9.8j and Tomcat