New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pkispawn: SSL_ForceHandshake issue for non-CA on HSM on both shared and nonshared tomcat instances #1998
Comments
Comment from mharmsen (@mharmsen) at 2015-06-22 23:57:09 Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1234638 (Red Hat Certificate System) |
Comment from edewata (@edewata) at 2015-06-23 20:25:38 Per discussion with cfu, a new deployment config parameter should be added to select the initial cipher set (RSA or ECC). |
Comment from cfu (@cfu) at 2015-06-23 22:34:15 there is an existing pki_ssl_server_key_type which can be used. |
Comment from cfu (@cfu) at 2015-06-30 03:51:44 The SSL_ForceHandshake failed issue has a workaround. The workaround is the following: Edit the CA's server.xml: replace the sslRangeCiphers value with the following:
I will provide the actual fix in code in due time. |
Comment from cfu (@cfu) at 2015-07-01 22:44:44 pushed to master: |
Comment from mharmsen (@mharmsen) at 2017-02-27 14:00:02 Metadata Update from @mharmsen:
|
This issue was migrated from Pagure Issue #1438. Originally filed by mharmsen (@mharmsen) on 2015-06-22 18:34:52:
This ticket is a consolidation of the following three tickets:
Example of failure from KRA ticket:
The text was updated successfully, but these errors were encountered: