[Bug 57728] New: OpenSSL error 140A90A1 (no ciphers) on Tomcat 6.0.43 with tcnative 1.1.32 and APR SSL connector

Thu, 19 Mar 2015 12:24:06 -0700 

https://bz.apache.org/bugzilla/show_bug.cgi?id=57728

            Bug ID: 57728
           Summary: OpenSSL error 140A90A1 (no ciphers) on Tomcat 6.0.43
                    with tcnative 1.1.32 and APR SSL connector
           Product: Tomcat 6
           Version: 6.0.43
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Native:Integration
          Assignee: [email protected]
          Reporter: [email protected]

We are experiencing issues with Tomcat 6.0.43 that do not occur on Tomcat
7.0.59 with the exact same versions of tomcat-native (1.1.32) and apr (1.5.1)
and same Tomcat configuration.

When starting Tomcat, it throws the following exception (more complete logs,
stacktrace, and configuration below):

java.lang.Exception: Invalid Server SSL Protocol
(error:140A90A1:lib(20):func(169):reason(161))

This error means:
$ openssl errstr 140A90A1
error:140A90A1:SSL routines:SSL_CTX_new:library has no ciphers

I tried specifying explicit SSLProtocol and SSLCipherSuite to no avail. To be
sure that this was not caused by bugs in distribution patches (such as
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780447 which bit us on Tomcat
7.0.59), I compiled tomcat-native and libapr from latest Apache sources,
obtained directly from Apache mirrors.

More complete log and stacktrace:

Mar 19, 2015 6:56:12 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.32 using APR version
1.5.1.
Mar 19, 2015 6:56:12 PM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false],
random [true].
Mar 19, 2015 6:56:13 PM org.apache.coyote.http11.Http11AprProtocol init
SEVERE: Error initializing endpoint
java.lang.Exception: Invalid Server SSL Protocol
(error:140A90A1:lib(20):func(169):reason(161))
        at org.apache.tomcat.jni.SSLContext.make(Native Method)
        at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:779)
        at
org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:109)
        at
org.apache.catalina.connector.Connector.initialize(Connector.java:1123)
        at
org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
        at
org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)

Mar 19, 2015 6:56:13 PM org.apache.catalina.core.StandardService initialize
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-7102]]
LifecycleException:  Protocol handler initialization failed:
java.lang.Exception: Invalid Server SSL Protocol
(error:140A90A1:lib(20):func(169):reason(161))
        at
org.apache.catalina.connector.Connector.initialize(Connector.java:1125)
        at
org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
        at
org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)

Relevant Tomcat configuration:

      <Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" />

      <Connector port="7102"
                 maxThreads="200"
                 protocol="org.apache.coyote.http11.Http11AprProtocol"
                 scheme="https"
                 secure="true"
                 SSLEnabled="true"
                 SSLCertificateFile="${catalina.base}/sslcerts/test-cert.pem"
                 SSLCertificateKeyFile="${catalina.base}/sslcerts/test-key.pem"
                 SSLVerifyClient="optional"/>

Host is Ubuntu Trusty 14.04 with libssl 1.0.1f-1ubuntu2.8, Java is build
1.7.0_55-b13.

Again, this same exact configuration, on the same system, with the same
libraries, starts just fine with Tomcat 7.0.59, and worked fine on Tomcat
6.0.37 with tomcat-native 1.1.29 and libapr 1.5.0. Note we have some
applications which still require Tomcat 6 or we would simply do the obvious and
migrate to Tomcat 7 or 8.

Let me know if there's any additional information I can provide.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to