Sunday, August 11, 2013

Ciphers problem: Request over ssl


Recently, I was trying to make an HTTP request to the openmrs
web-app. When I tried to connect over HTTPS, I got the following
exception. Basically, my php-client was sending an HTTP request to
https://localhost:8443/openmrs using HTTP/Request2.

"   : Unable to connect to ssl://localhost:8443. Error: stream_socket_client():
unable to connect to ssl://localhost:8443 (Unknown error) stream_socket_client():
Failed to enable crypto stream_socket_client(): SSL operation failed with code 1.
OpenSSL Error messages: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert
internal errorstring(339) "Unable to connect to ssl://localhost:8443. Error:
stream_socket_client(): unable to connect to ssl://localhost:8443 (Unknown error)
stream_socket_client(): Failed to enable crypto stream_socket_client(): SSL operation
failed with code 1. OpenSSL Error messages: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1
alert internal error "

After struggling a lot to find a possible solution, I came to know about the allowed ciphers in openjdk, which
was being used by tomcat7. To allow tomcat7 to run on https, I used

$ ssh-keygen -t RSA -C 'user@example.com'
which will generate an RSA SSH(2) key. I added the allowed ciphers to the tomcat7 server configuration
located at /etc/tomcat7/server.xml

<Connector port="8443" protocol="HTTP/1.1"
               SSLEnabled="true" maxThreads="150"
               scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/home/XXXX/.keystore"
               keystorePass="XXXX"
               ciphers="SSL_RSA_WITH_RC4_128_SHA"/>

That solved my problem. Hope that helps others too!
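An added example, not part of the original post: a Python check for the ciphers attribute of a Tomcat connector like the one above. It lists the suites on each SSLEnabled connector and flags names that are not JSSE-style, as well as suites built on weak primitives such as RC4, which RFC 7465 prohibits in TLS. The sample XML, the WEAK_PARTS policy set and the function name audit_connectors are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the post's connector; path and password are placeholders.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true" sslProtocol="TLS"
             keystoreFile="/path/to/.keystore" keystorePass="PLACEHOLDER"
             ciphers="SSL_RSA_WITH_RC4_128_SHA,
                      TLS_RSA_WITH_AES_128_CBC_SHA, RC4-SHA"/>
</Service></Server>"""

# Suite-name components treated as weak (this policy list is the example's assumption).
WEAK_PARTS = {"RC4", "DES", "3DES", "NULL", "EXPORT", "anon", "MD5"}
# JSSE suite names start with TLS_ or SSL_ and use only underscores as separators.
JSSE_NAME = re.compile(r"^(?:TLS|SSL)_\w+$")


def audit_connectors(server_xml):
    """Return one finding dict per TLS-enabled <Connector> in server.xml text."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector, no cipher list to check
        raw = conn.get("ciphers")
        suites = [s.strip() for s in raw.split(",") if s.strip()] if raw else []
        findings.append({
            "port": conn.get("port"),
            # No ciphers attribute means the JVM's default suite list applies.
            "uses_jvm_defaults": raw is None,
            # Names that are not JSSE-style (for example OpenSSL-style "RC4-SHA").
            "malformed": [s for s in suites if not JSSE_NAME.match(s)],
            # Well-formed names containing a component from WEAK_PARTS.
            "weak": [s for s in suites if JSSE_NAME.match(s)
                     and WEAK_PARTS & set(s.split("_"))],
        })
    return findings


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```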
