Friday, 15 April 2011

java - Tomcat7 enable tlsv1.1 using APR Connector -

Here's the environment: Ubuntu 12.04, Sun JRE 1.7.0_60, Tomcat 7.0.26, OpenSSL 1.0.1-4ubuntu5.15, libssl1.0.0 1.0.1-4ubuntu5.15

Currently, the Tomcat server accepts TLSv1 connections; I'm trying to update the configuration to support TLSv1.1 connections as well. The following is the current connector configuration in server.xml:

<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150"
           scheme="https" secure="true" clientAuth="false" SSLProtocol="TLSv1"
           acceptCount="100" disableUploadTimeout="true" enableLookups="false"
           SSLCertificateFile="/opt/certs/cert.pem"
           SSLCertificateKeyFile="/opt/certs/private-key.pem"
           SSLCACertificateFile="/opt/certs/cert.pem"
           server="Apache"
           ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA" />

I tried altering TLSv1 to TLSv1.1, but it doesn't seem to solve the problem. Here's the output of running the following command:

openssl s_client -connect ip_address:443 -tls1_1 -msg
CONNECTED(00000003)
>>> TLS 1.1  [length 00dc]
    01 00 00 d8 03 02 53 aa 16 c1 84 4a 2d a1 8b 54
    e9 10 85 dd 30 66 c6 d8 41 0c 57 38 fa 59 95 6c
    82 e7 dc 6f ac bb 00 00 66 c0 14 c0 0a c0 22 c0
    21 00 39 00 38 00 88 00 87 c0 0f c0 05 00 35 00
    84 c0 12 c0 08 c0 1c c0 1b 00 16 00 13 c0 0d c0
    03 00 0a c0 13 c0 09 c0 1f c0 1e 00 33 00 32 00
    9a 00 99 00 45 00 44 c0 0e c0 04 00 2f 00 96 00
    41 c0 11 c0 07 c0 0c c0 02 00 05 00 04 00 15 00
    12 00 09 00 14 00 11 00 08 00 06 00 03 00 ff 01
    00 00 49 00 0b 00 04 03 00 01 02 00 0a 00 34 00
    32 00 0e 00 0d 00 19 00 0b 00 0c 00 18 00 09 00
    0a 00 16 00 17 00 08 00 06 00 07 00 14 00 15 00
    04 00 05 00 12 00 13 00 01 00 02 00 03 00 0f 00
    10 00 11 00 23 00 00 00 0f 00 01 01
>>> TLS 1.0 Alert [length 0002], fatal protocol_version
    02 46
139739825112736:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:337:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 7 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1403655873
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

TLSv1 connections still work even if I have changed SSLProtocol to TLSv1.1. I have gone through the Tomcat documentation, and it didn't mention TLSv1.1 for the APR connector. Is it possible, or do I have to use other connectors?

According to the Tomcat APR SSL page, you need to populate the sslEnabledProtocols value with TLSv1.1.
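To see exactly what the `-msg` dump in the question says, here is a small decoder for the ClientHello and the Alert that follow it. This is an added example, not code from the question or from Tomcat: the hex bytes are copied from the dump above, the parser follows the RFC 5246 ClientHello layout, and the cipher suite name table is a hand-picked subset (assumed enough to name the suites in the connector config plus a few legacy ones).

```python
"""Decode the ClientHello and Alert bytes from an `openssl s_client -msg` dump.
Added example (not part of the original question): reads the version the
client offered (0x0302 = TLSv1.1) and the alert that ended the handshake."""

# Hex bytes copied from the question's `openssl s_client -tls1_1 -msg` output.
CLIENT_HELLO_HEX = """
01 00 00 d8 03 02 53 aa 16 c1 84 4a 2d a1 8b 54 e9 10 85 dd 30 66 c6 d8
41 0c 57 38 fa 59 95 6c 82 e7 dc 6f ac bb 00 00 66 c0 14 c0 0a c0 22 c0 21
00 39 00 38 00 88 00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c c0 1b
00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09 c0 1f c0 1e 00 33 00 32 00 9a
00 99 00 45 00 44 c0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c c0 02
00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03 00 ff 01 00
00 49 00 0b 00 04 03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19 00 0b
00 0c 00 18 00 09 00 0a 00 16 00 17 00 08 00 06 00 07 00 14 00 15 00 04
00 05 00 12 00 13 00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00 00 0f
00 01 01
"""
# Body of the "TLS 1.0 Alert [length 0002], fatal protocol_version" record.
ALERT_HEX = "02 46"

VERSION_NAMES = {0x0300: "SSLv3", 0x0301: "TLSv1", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {40: "handshake_failure", 70: "protocol_version", 80: "internal_error"}
EXTENSION_NAMES = {0x000a: "elliptic_curves", 0x000b: "ec_point_formats",
                   0x000f: "heartbeat", 0x0023: "session_ticket"}
# Subset of IANA cipher suite codes (assumed sufficient for this dump).
CIPHER_SUITE_NAMES = {
    0x002f: "TLS_RSA_WITH_AES_128_CBC_SHA", 0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", 0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    0xc013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 0xc014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0xc009: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", 0xc00a: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA", 0x000a: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x00ff: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
}

def hex_to_bytes(dump):
    """Turn the space/newline separated hex of an -msg dump into bytes."""
    return bytes.fromhex("".join(dump.split()))

def _u16(buf, pos):
    return int.from_bytes(buf[pos:pos + 2], "big")

def parse_client_hello(data):
    """Parse a ClientHello handshake message (RFC 5246, section 7.4.1.2)."""
    if data[0] != 0x01:
        raise ValueError("not a ClientHello: handshake type %d" % data[0])
    body_len = int.from_bytes(data[1:4], "big")
    body = data[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated ClientHello: need %d bytes, have %d" % (body_len, len(body)))
    version = _u16(body, 0)
    rand = body[2:34]                      # 4-byte gmt_unix_time + 28 random bytes
    pos = 34
    sid_len = body[pos]; pos += 1
    session_id = body[pos:pos + sid_len]; pos += sid_len
    cs_len = _u16(body, pos); pos += 2
    if cs_len % 2:
        raise ValueError("odd cipher_suites length")
    suites = [_u16(body, i) for i in range(pos, pos + cs_len, 2)]; pos += cs_len
    comp_len = body[pos]; pos += 1
    compression = list(body[pos:pos + comp_len]); pos += comp_len
    extensions = []
    if pos < len(body):                    # the extensions block is optional
        end = pos + 2 + _u16(body, pos); pos += 2
        while pos + 4 <= end:
            etype, elen = _u16(body, pos), _u16(body, pos + 2)
            extensions.append((etype, body[pos + 4:pos + 4 + elen]))
            pos += 4 + elen
        if pos != end:
            raise ValueError("extensions do not fit their declared length")
    return {"version": version,
            "version_name": VERSION_NAMES.get(version, "0x%04x" % version),
            "gmt_unix_time": int.from_bytes(rand[:4], "big"),
            "session_id": session_id, "cipher_suites": suites,
            "compression": compression, "extensions": extensions}

def parse_alert(data):
    """Decode a 2-byte Alert body into (level, description) names."""
    if len(data) != 2:
        raise ValueError("alert body must be 2 bytes")
    return (ALERT_LEVELS.get(data[0], str(data[0])),
            ALERT_DESCRIPTIONS.get(data[1], str(data[1])))

def describe(hello):
    """Human-readable summary lines of a parsed ClientHello."""
    lines = ["client_version: %s" % hello["version_name"],
             "gmt_unix_time : %d" % hello["gmt_unix_time"],
             "cipher suites : %d offered" % len(hello["cipher_suites"])]
    for code in hello["cipher_suites"]:
        lines.append("  0x%04x %s" % (code, CIPHER_SUITE_NAMES.get(code, "(not in table)")))
    lines.append("extensions    : " + ", ".join(
        EXTENSION_NAMES.get(t, "0x%04x" % t) for t, _ in hello["extensions"]))
    return lines

if __name__ == "__main__":
    hello = parse_client_hello(hex_to_bytes(CLIENT_HELLO_HEX))
    print("\n".join(describe(hello)))
    print("alert         : %s %s" % parse_alert(hex_to_bytes(ALERT_HEX)))
```

Running it shows client_version TLSv1.1 (bytes 03 02), 51 offered suites ending with the renegotiation SCSV, and a fatal protocol_version alert; the first four random bytes decode to 1403655873, the same value as the Start Time line in the session summary. A server whose SSLProtocol only allows TLSv1 has no version to agree on with this hello, which is what the wrong version number failure reflects; the decoder is a quick way to confirm which version a client actually put on the wire before blaming the connector configuration.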
