I'm attempting to disable SSLv3 in Tomcat 7.0.68, but every attempt to test still results in:
CONNECTED(00000003)
140680439531168:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:s23_clnt.c:770:
I've updated server.xml with the following:
<Connector port="8444" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
           ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA" />
I then restart Tomcat and use openssl to test:
openssl s_client -connect hdlp10-tc02:8444
2 other Tomcat instances on the same server with the same server.xml modification work as expected. The difference is a different port and context.
UPDATE
Started with a fresh instance of Tomcat, configured server.xml and started the daemon without the WAR deployed. Tested, and SSLv3 was disabled; all was well.
I then deployed the WAR file and retested. Tests failed; SSLv3 was being issued as handshake.
Something in this WAR file is busting things up. It's a Spring application, no embedded Tomcat (pre-Spring Boot).
What the hell would be causing this to occur?
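Since the post compares several instances said to carry the same server.xml change, here is an added example (not part of the original post) that audits every SSL-enabled Connector in a server.xml and reports whether `sslEnabledProtocols` is set and free of SSLv2/SSLv3 entries. The function name `audit_connectors` and the sample XML are hypothetical and constructed for illustration; it assumes JSSE-style connector attributes as used in the post.

```python
import xml.etree.ElementTree as ET

# Constructed sample: connectors modelled on the one in the post.
# Ports 8445, 8446 and 8009 are made up to exercise each branch.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8444" SSLEnabled="true" scheme="https" secure="true"
               sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1" />
    <Connector port="8445" SSLEnabled="true" scheme="https" secure="true"
               sslProtocol="TLS" sslEnabledProtocols="TLSv1, SSLv3" />
    <Connector port="8446" SSLEnabled="true" scheme="https" secure="true"
               sslProtocol="TLS" />
    <Connector port="8009" protocol="AJP/1.3" />
  </Service>
</Server>"""

# Protocol names that should not appear in sslEnabledProtocols.
LEGACY = {"sslv2", "sslv2hello", "sslv3"}


def audit_connectors(xml_text):
    """Return {port: [findings]} for every SSL-enabled Connector."""
    report = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP or AJP connector, nothing to check
        findings = []
        raw = conn.get("sslEnabledProtocols")
        if raw is None:
            findings.append("sslEnabledProtocols not set; protocols are not pinned")
        else:
            # Split on commas and trim, so "TLSv1, SSLv3" is read as two names.
            for proto in (p.strip() for p in raw.split(",")):
                if proto.lower() in LEGACY:
                    findings.append("legacy protocol enabled: " + proto)
        report[conn.get("port")] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit_connectors(SAMPLE_SERVER_XML).items():
        print(port, "OK" if not findings else "; ".join(findings))
```

Running it against each instance's actual server.xml shows whether the file Tomcat loads really carries the intended protocol list for every HTTPS port.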