Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: Trunk
    • Fix Version/s: 14.12.01, 12.04.06, 13.07.02
    • Component/s: None
    • Labels:
    • Environment:

      unix

    • Sprint:
      Bug Crush Event - 21/2/2015

      Description

      Hi there--

      This topic seemed relevant because it is a major security issue that recently came up and will affect many ecommerce sites for ofbiz.

      I am in the process of trying to disable sslv3 on our version of ofbiz, which uses tomcat 6.

      This is to eliminate the security vulnerability from poodle bleed.
      http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed

      We have tried updating the ofbiz-containers.xml file like below, but it
      did not disable sslv3. Poodle is still there.

      I have also seen fixes that update server.xml with something similar.

      <property name="sslProtocol" value="TLS"/>
      <property name="sslEnabledProtocols" value="TLSv1"/>

      Has anyone else had luck fixing the poodle issue on Apache ofbiz?

      Or in any ofbiz products… where is the best place to fix this in ofbiz??

      Thanks!

      The Poodle fixer

      1. OFBIZ-5848-java17-12.04.patch
        27 kB
        Nicolas Malin
      2. OFBIZ-5848-java17-12.04.patch
        26 kB
        Nicolas Malin
      3. OFBIZ-5848-java17-12.04.patch
        24 kB
        Nicolas Malin

        Activity

        soledad Nicolas Malin added a comment -

        Hello ... the poodle fixer ?

        As OFBiz 09.04 doesn't have official support, I don't think that your correction will be present in a future package. But can you attach your patch to fix this issue?

        It's interesting for all production sites that still work with this release.

        hrcboston Poodle Fixer added a comment - - edited

        Hi there--you can follow this thread here.
        http://ofbiz.135035.n4.nabble.com/Re-Ofbiz-09-04-piddle-bleed-fix-td4657772.html#a4657792

        I wonder if this ticket is worth addressing for newer versions as well?

        ofbiz is an ecommerce platform so this is going to be an important issue for anyone using external companies to pass sensitive data to... over https...

        anyway, food for thought.

        hrcboston Poodle Fixer added a comment - - edited

        we had success with this when developing locally:
        <property name="sslProtocol" value="TLSv1"/>
        <property name="protocols" value="TLSv1"/>

        the reason is that it is undocumented to use protocols instead of sslEnabledProtocols

        see https://blogs.atlassian.com/2014/10/ssl-poodle/
        http://tomcat.10.x6.nabble.com/How-to-allow-only-TLS-1-1-connections-to-Tomcat-6-0-server-with-https

        we get this when trying to connect with ssl3 locally

        openssl s_client -connect localhost:portnumberhere -ssl3
        CONNECTED(00000003)
        6990:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:/OpenSSL/src/ssl/s3_pkt.c:290:

        hrcboston Poodle Fixer added a comment -

        it was a tomcat6 issue

        jacques.le.roux Jacques Le Roux added a comment - - edited

        Hi The Poodle fixer,

        It was not only a Tomcat 7 issue. We had the same in trunk HEAD.

        Following your indications in the above links I found the solution for the trunk and fixed the vulnerability in trunk HEAD using TLSv1.2 as explained at the bottom of this comment https://blogs.atlassian.com/2014/10/ssl-poodle/#comment-190966
        The same applies to supported release branches since they all use Tomcat 7.

        Committed in
        trunk r1636864
        R13.07 1636866
        R12.04 1636867

        Thanks Poodle fixer

        jacques.le.roux Jacques Le Roux added a comment -

        I have also committed a fix for Tomcat 6 which might be used in appserver

        trunk r1636869
        R12.04 1636870

        jacques.le.roux Jacques Le Roux added a comment - - edited

        For those who are interested in this vulnerability, here are 2 references for browser and server sides:
        https://en.wikipedia.org/wiki/Transport_Layer_Security#Web_browsers
        https://wiki.mozilla.org/Security/Server_Side_TLS

        In trunk and releases branches I forced the protocol to TLS 1.2. This is a moot point (we could use TLS 1.0).

        Good to know: most web browsers support TLS 1.0 (not enabled by default in Internet Explorer 6).
        Browsers that by default support the latest TLS 1.2 version are:

        • Google Chrome 30+
        • Mozilla Firefox 27+
        • Microsoft Internet Explorer 11+
        • Opera 17+
        • Apple Safari 7+

        But time will quickly pass, with modern browsers updated online. So since I was forced to force a protocol version I picked the last one. Also because my tests with nmap were clear/sure with TLS 1.1/2 but not TLS 1.0.

        vikasmayur Vikas Mayur added a comment - - edited

        Two Questions on how we handle security vulnerabilities:

        1. Should we also update the information on the news section on the site for such security/critical fixes?
        2. Does it affect the regular release cycle in any manner or should we have a different release strategy for such bugs. The bug will be fixed with release 12.04.06 and 13.07.02 but that won't be happening in next 4-5 months.

        Pardon me if it's already discussed but I don't find any information in the archives.

        jacques.le.roux Jacques Le Roux added a comment -

        Hi Vikas,

        Thanks for your good questions.

        1. We have already https://ofbiz.apache.org/download.html#vulnerabilities but we could indeed put a link to that from the news section on main page
        2. There is currently a discussion within the PMC about this subject. I don't unveil any important secrets by saying that for this bug we tend rather to send a notice on the user ML. Because fixing the bug in the release branches is not enough. People with unsupported releases would not be aware of the issue. And we don't want to create a new release right now because this bug is not really part of the OFBiz code and only needs a configuration change. I suggested to put the notice sent to the user ML also on the Download page where it will stay as a reminder. This last point has not yet been discussed.
        deepak.dixit Deepak Dixit added a comment -

        Hi Jacques,

        TLSv1.2 will not work with Java6. I am getting the following error when we build the R13.07 branch with java6.

         [java] java.io.IOException: TLSv1.1 SSLContext not available
             [java] 	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:459) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:192) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:401) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:646) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434) [tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119) [tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.catalina.connector.Connector.initInternal(Connector.java:978) [tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) [tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559) [tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) [tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:821) [tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) [tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:139) [tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.ofbiz.catalina.container.CatalinaContainer.start(CatalinaContainer.java:239) [ofbiz-catalina.jar:?]
             [java] 	at org.ofbiz.base.container.ContainerLoader.start(ContainerLoader.java:235) [ofbiz-base.jar:?]
             [java] 	at org.ofbiz.base.start.Start.startStartLoaders(Start.java:353) [ofbiz.jar:?]
             [java] 	at org.ofbiz.base.start.Start.start(Start.java:379) [ofbiz.jar:?]
             [java] 	at org.ofbiz.base.start.Start.main(Start.java:135) [ofbiz.jar:?]
             [java] Caused by: java.security.NoSuchAlgorithmException: TLSv1.1 SSLContext not available
             [java] 	at sun.security.jca.GetInstance.getInstance(GetInstance.java:142) ~[?:1.6.0_65]
             [java] 	at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125) ~[?:1.6]
             [java] 	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSSLContext(JSSESocketFactory.java:472) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:433) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	... 17 more
             [java] 2014-11-07 12:09:12,175 |main                 |StandardService               |E| Failed to initialize connector [Connector[HTTP/1.1-8443]]
             [java] org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
             [java] 	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106) ~[tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559) [tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) [tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:821) [tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) [tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:139) [tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.ofbiz.catalina.container.CatalinaContainer.start(CatalinaContainer.java:239) [ofbiz-catalina.jar:?]
             [java] 	at org.ofbiz.base.container.ContainerLoader.start(ContainerLoader.java:235) [ofbiz-base.jar:?]
             [java] 	at org.ofbiz.base.start.Start.startStartLoaders(Start.java:353) [ofbiz.jar:?]
             [java] 	at org.ofbiz.base.start.Start.start(Start.java:379) [ofbiz.jar:?]
             [java] 	at org.ofbiz.base.start.Start.main(Start.java:135) [ofbiz.jar:?]
             [java] Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
             [java] 	at org.apache.catalina.connector.Connector.initInternal(Connector.java:980) ~[tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) ~[tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	... 10 more
             [java] Caused by: java.io.IOException: TLSv1.1 SSLContext not available
             [java] 	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:459) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:192) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:401) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:646) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.catalina.connector.Connector.initInternal(Connector.java:978) ~[tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) ~[tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	... 10 more
             [java] Caused by: java.security.NoSuchAlgorithmException: TLSv1.1 SSLContext not available
             [java] 	at sun.security.jca.GetInstance.getInstance(GetInstance.java:142) ~[?:1.6.0_65]
             [java] 	at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125) ~[?:1.6]
             [java] 	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSSLContext(JSSESocketFactory.java:472) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:433) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:192) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:401) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:646) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.catalina.connector.Connector.initInternal(Connector.java:978) ~[tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) ~[tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	... 10 more
             [java] 2014-11-07 12:09:12,209 |main                 |CatalinaContainer             |I| createContext(vastra)
             [java] 2014-11-07 12:09:12,216 |main                 |CatalinaContainer             |I| createContext(uif)
             [java] 
        

        I dug into it and found that TLSv1.2 wasn't added to the default JCE provider until Java 7.
        http://docs.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#SSLContext
        http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SSLContext

        We need to either set it to TLSv1.1 for R13.07 and R12.04
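
A pre-flight check for the startup failure reported in the comment above, as an added example that is not part of the original comments and is not OFBiz or Tomcat code. It reports whether the running JVM has an SSLContext for the configured protocol name, whether each requested protocol is supported, and whether a server socket would enable SSLv3 by default; `TlsPreflight` and its method names are hypothetical.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

// Added example, not OFBiz or Tomcat code. TlsPreflight and its methods are
// hypothetical names. Written without Java 7 syntax so it also runs on Java 6.
public class TlsPreflight {

    // Build an initialised context, or return null when the JVM has no
    // SSLContext for this name (the NoSuchAlgorithmException in the trace).
    static SSLContext contextFor(String sslProtocol) throws Exception {
        try {
            SSLContext ctx = SSLContext.getInstance(sslProtocol);
            ctx.init(null, null, null); // defaults suffice to inspect protocols
            return ctx;
        } catch (NoSuchAlgorithmException e) {
            return null;
        }
    }

    // Protocols a server socket from this context enables when no explicit
    // list is applied, i.e. what stays on if a connector property is ignored.
    static List<String> defaultServerProtocols(SSLContext ctx) throws Exception {
        SSLServerSocket s =
                (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket();
        try {
            return Arrays.asList(s.getEnabledProtocols());
        } finally {
            s.close();
        }
    }

    // Returns one message per problem; an empty list means the planned
    // values can be honoured by this JVM and do not include SSLv3.
    static List<String> check(String sslProtocol, String[] wanted) throws Exception {
        List<String> problems = new ArrayList<String>();
        SSLContext ctx = contextFor(sslProtocol);
        if (ctx == null) {
            problems.add("FAIL: " + sslProtocol + " SSLContext not available on Java "
                    + System.getProperty("java.version"));
            return problems;
        }
        List<String> supported =
                Arrays.asList(ctx.getSupportedSSLParameters().getProtocols());
        for (int i = 0; i < wanted.length; i++) {
            String p = wanted[i];
            if (p.equals("SSLv3")) {
                problems.add("FAIL: SSLv3 is in the requested protocol list");
            } else if (!supported.contains(p)) {
                problems.add("FAIL: " + p + " is not supported by this JVM, supported: "
                        + supported);
            }
        }
        if (defaultServerProtocols(ctx).contains("SSLv3")) {
            problems.add("WARN: this JVM enables SSLv3 by default, so a protocol"
                    + " property the connector ignores leaves it on;"
                    + " confirm from a client after restart");
        }
        return problems;
    }

    // Usage: java TlsPreflight <sslProtocol> [enabledProtocol ...]
    // With no arguments it checks TLSv1.2 as both context name and protocol.
    public static void main(String[] args) throws Exception {
        String sslProtocol = args.length > 0 ? args[0] : "TLSv1.2";
        String[] wanted = args.length > 1
                ? Arrays.copyOfRange(args, 1, args.length)
                : new String[] { sslProtocol };
        System.out.println("Java " + System.getProperty("java.version")
                + ", sslProtocol=" + sslProtocol
                + ", enabled=" + Arrays.toString(wanted));
        List<String> problems = check(sslProtocol, wanted);
        for (int i = 0; i < problems.size(); i++) {
            System.out.println(problems.get(i));
        }
        if (problems.isEmpty()) {
            System.out.println("OK");
        }
        System.exit(problems.isEmpty() ? 0 : 1);
    }
}
```

Run it with the same JVM that starts OFBiz, since the result depends on that runtime's JSSE provider rather than on the Tomcat version.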

        deepak.dixit Deepak Dixit added a comment -

        I checked with TLSv1.1 with java and got the same error

        [java] 2014-11-07 12:20:35,758 |main                 |Http11Protocol                |E| Failed to initialize end point associated with ProtocolHandler ["http-bio-0.0.0.0-8443"]
             [java] java.io.IOException: TLSv1.1 SSLContext not available
             [java] 	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:459) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:192) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:401) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:646) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434) [tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119) [tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.catalina.connector.Connector.initInternal(Connector.java:978) [tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) [tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559) [tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) [tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:821) [tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) [tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:139) [tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.ofbiz.catalina.container.CatalinaContainer.start(CatalinaContainer.java:239) [ofbiz-catalina.jar:?]
             [java] 	at org.ofbiz.base.container.ContainerLoader.start(ContainerLoader.java:235) [ofbiz-base.jar:?]
             [java] 	at org.ofbiz.base.start.Start.startStartLoaders(Start.java:353) [ofbiz.jar:?]
             [java] 	at org.ofbiz.base.start.Start.start(Start.java:379) [ofbiz.jar:?]
             [java] 	at org.ofbiz.base.start.Start.main(Start.java:135) [ofbiz.jar:?]
             [java] Caused by: java.security.NoSuchAlgorithmException: TLSv1.1 SSLContext not available
             [java] 	at sun.security.jca.GetInstance.getInstance(GetInstance.java:142) ~[?:1.6.0_65]
             [java] 	at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125) ~[?:1.6]
             [java] 	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSSLContext(JSSESocketFactory.java:472) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:433) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	... 17 more
             [java] 2014-11-07 12:20:35,771 |main                 |StandardService               |E| Failed to initialize connector [Connector[HTTP/1.1-8443]]
             [java] org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
             [java] 	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106) ~[tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559) [tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) [tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:821) [tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) [tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:139) [tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.ofbiz.catalina.container.CatalinaContainer.start(CatalinaContainer.java:239) [ofbiz-catalina.jar:?]
             [java] 	at org.ofbiz.base.container.ContainerLoader.start(ContainerLoader.java:235) [ofbiz-base.jar:?]
             [java] 	at org.ofbiz.base.start.Start.startStartLoaders(Start.java:353) [ofbiz.jar:?]
             [java] 	at org.ofbiz.base.start.Start.start(Start.java:379) [ofbiz.jar:?]
             [java] 	at org.ofbiz.base.start.Start.main(Start.java:135) [ofbiz.jar:?]
             [java] Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
             [java] 	at org.apache.catalina.connector.Connector.initInternal(Connector.java:980) ~[tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) ~[tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	... 10 more
             [java] Caused by: java.io.IOException: TLSv1.1 SSLContext not available
             [java] 	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:459) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:192) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:401) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:646) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.catalina.connector.Connector.initInternal(Connector.java:978) ~[tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) ~[tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	... 10 more
             [java] Caused by: java.security.NoSuchAlgorithmException: TLSv1.1 SSLContext not available
             [java] 	at sun.security.jca.GetInstance.getInstance(GetInstance.java:142) ~[?:1.6.0_65]
             [java] 	at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125) ~[?:1.6]
             [java] 	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSSLContext(JSSESocketFactory.java:472) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:433) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:192) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:401) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:646) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119) ~[tomcat-7.0.55-tomcat-coyote.jar:7.0.55]
             [java] 	at org.apache.catalina.connector.Connector.initInternal(Connector.java:978) ~[tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) ~[tomcat-7.0.55-catalina.jar:7.0.55]
             [java] 	... 10 more
             [java] 2014-11-07 12:20:35,800 |main                 |CatalinaContainer             |I| createContext(ecomclone)
        
        jacques.le.roux Jacques Le Roux added a comment -

        Hi Deepak,

        In our Download page (https://ofbiz.apache.org/download.html) I read "Java 1.7 (minimum) SDK".

        I did not try but maybe Java 6 supports TLSv1.0?

        jacopoc Jacopo Cappellato added a comment -

        Unfortunately the build scripts in 13.07 still have <javac16/> set.
        We should try to see if switching all of them to <javac17/> has an effect on this.

        jacopoc Jacopo Cappellato added a comment -

        Deepak,

        I know that you have both Java 6 and 7 installed: could you please try to run OFBiz with Java 7 and confirm if it works?

        soledad Nicolas Malin added a comment - - edited

        For 12.04 the situation is a little bit annoying. We have the same error but Java 1.7 isn't compatible.

        I tried to change TLSv1.2 to TLSv1.0, but:

             [java] 2014-11-07 08:47:37,559 (main) [   AbstractProtocol.java:436:ERROR] Failed to initialize end point associated with ProtocolHandler ["http-bio-0.0.0.0-8443"]
             [java] java.io.IOException: TLSv1.0 SSLContext not available
             [java] 	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:459)
             [java] 	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:192)
             [java] 	at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:401)
        

        it's a real stinker.
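
Both traces above end in `SSLContext.getInstance` rejecting a protocol name. The following probe is an added example, not OFBiz or Tomcat code (the class name `TlsProtocolProbe` is hypothetical); run on the same JVM that starts OFBiz, it reports which context names that JVM accepts and which protocols remain enabled once every SSL entry is filtered out.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class TlsProtocolProbe {

    // Names tried in this thread, plus "TLSv1", which is the standard JSSE
    // name for TLS 1.0 ("TLSv1.0" is not a standard JSSE name).
    static final String[] CANDIDATES = {"TLSv1.0", "TLSv1", "TLSv1.1", "TLSv1.2"};

    /** Maps each candidate name to whether SSLContext.getInstance accepts it. */
    static Map<String, Boolean> probeContextNames() {
        Map<String, Boolean> result = new LinkedHashMap<String, Boolean>();
        for (String name : CANDIDATES) {
            try {
                SSLContext.getInstance(name);
                result.put(name, Boolean.TRUE);
            } catch (NoSuchAlgorithmException e) {
                // Same root cause as "... SSLContext not available" in the traces.
                result.put(name, Boolean.FALSE);
            }
        }
        return result;
    }

    /** Returns the given protocol list without SSLv3, SSLv2Hello and other SSL* entries. */
    static String[] dropSslProtocols(String[] protocols) {
        List<String> kept = new ArrayList<String>();
        for (String p : protocols) {
            if (!p.startsWith("SSL")) {
                kept.add(p);
            }
        }
        return kept.toArray(new String[kept.size()]);
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));

        for (Map.Entry<String, Boolean> e : probeContextNames().entrySet()) {
            System.out.println("SSLContext.getInstance(\"" + e.getKey() + "\"): "
                    + (e.getValue() ? "available" : "NoSuchAlgorithmException"));
        }

        // The context name does not by itself remove SSLv3; the engine's
        // enabled-protocols list decides what can be negotiated.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // default key, trust and random sources
        SSLEngine engine = ctx.createSSLEngine();

        System.out.println("supported:          "
                + Arrays.toString(engine.getSupportedProtocols()));
        System.out.println("enabled by default: "
                + Arrays.toString(engine.getEnabledProtocols()));

        // Start from what is already enabled so nothing disabled is re-enabled.
        String[] hardened = dropSslProtocols(engine.getEnabledProtocols());
        if (hardened.length == 0) {
            throw new IllegalStateException("no TLS protocol is enabled in this JVM");
        }
        engine.setEnabledProtocols(hardened);
        System.out.println("enabled after drop: "
                + Arrays.toString(engine.getEnabledProtocols()));
    }
}
```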

        deepak.dixit Deepak Dixit added a comment -

        Hi Jacopo,

        R13.07 successfully builds on Java 7.

        jar:
              [jar] Building jar: /Users/deepakdixit/sandbox/ofbiz.13.07/specialpurpose/ecommerce/build/lib/ofbiz-ecommerce.jar
        
        build:
        [externalsubant] No sub-builds to iterate on
        
        clean-svninfo:
             [echo] Resetting svninfo...
             [echo] Done!
             [echo] [build] ========== Done Building (Compile) ==========
        
        BUILD SUCCESSFUL
        Total time: 45 seconds
        deepaks-mbp:ofbiz.13.07 deepakdixit$ java -version
        java version "1.7.0_65"
        Java(TM) SE Runtime Environment (build 1.7.0_65-b17)
        Java HotSpot(TM) 64-Bit Server VM (build 24.65-b04, mixed mode)
        deepaks-mbp:ofbiz.13.07 deepakdixit$ 
        
        adrianc@hlmksw.com Adrian Crum added a comment -

        Getting R13 to compile with Java 7 has never been a problem. The problem is the tests will fail using java 7.

        jacopoc Jacopo Cappellato added a comment -

        Before the release 13.07.01 was issued I back ported a series of fixes to unit tests in order to make them pass also with 1.7: tests should not be an issue in 13.07.

        jacques.le.roux Jacques Le Roux added a comment -

        Thanks Nicolas,

        This is annoying indeed, did you try R12.04 with Java 6 and TLSv1.0?

        jacopoc Jacopo Cappellato added a comment -

        As regards the 13.07 branch I would start by converting the ant scripts to require Java 7; our download page already warns that it is a requirement and it shouldn't be a huge deal; when we announce the 13.07.02 release we could still warn again about the Java 7 requirement.
        We could consider 11.04 an unsupported branch.
        As regards 12.04: we should figure out if there is something we can do to enable TLS, or we could:
        1) anticipate the end of life of the release branch
        2) publish a final release with the upgrade to Java 7: it should be used only by users that can't upgrade to 13.07 but are ready to upgrade their production instances to java 7

        soledad Nicolas Malin added a comment -

        did you try R12.04 with Java 6 and TLSv1.0?

        Yes, I tried Java 6, TLSv1.2 and TLSv1.0

        As regards 12.04: we should figure out if there is something we can do to enable TLS, or we could:
        1) anticipate the end of life of the release branch
        2) publish a final release with the upgrade to Java 7: it should be used only by users that can't upgrade to 13.07 but are ready to upgrade their production instances to java 7

        To unsupport 12.04, maybe wait for the next stable branch. If we convert 12.04 to use Java 7, why anticipate the end of life?

        soledad Nicolas Malin added a comment -

        Sorry Jacopo, I confused "anticipate" with "precipitate", so I read and understood it as advancing the end-of-life date

        deepak.dixit Deepak Dixit added a comment -

        SSLv3 and TLS will be disabled by default in upcoming Firefox releases.

        https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

        jacques.le.roux Jacques Le Roux added a comment -

        Deepak, yes, I already use https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/

        Jacopo, I agree about no longer supporting R11.04 (actually it's already a fact).
        For the R12.04, let's see if we can reasonably use Java 7 indeed.

        jacopoc Jacopo Cappellato added a comment -

        Reopening this ticket to finalize the back porting to the release branches

        soledad Nicolas Malin added a comment -

        I started testing OFBiz 12.04 on Java 1.7.

        I detected some errors in the entity tests and I synchronized them with OFBiz 13.07 for the supported functions. Some errors are present on cache and delete foreign key that didn't roll back.
        I will continue the investigation.

        jacques.le.roux Jacques Le Roux added a comment -

        Thanks Nicolas, I hope to give you a hand soon...

        soledad Nicolas Malin added a comment - - edited

        OK, with the last patch run-tests is now successful under Ubuntu 14.04 and
        Java SE version "1.7.0_65" (Java HotSpot(TM) 64-Bit Server VM)

        If another contributor can run another test on another platform it would be great

        jacopoc Jacopo Cappellato added a comment -

        tests successful on a Mac with OSX 10.9.5 and Java:

        java version "1.7.0_40"
        Java(TM) SE Runtime Environment (build 1.7.0_40-b43)
        Java HotSpot(TM) 64-Bit Server VM (build 24.0-b56, mixed mode)
        jacques.le.roux Jacques Le Roux added a comment -

        On Windows 7 running ant clean-all load-demo run-tests with

        java version "1.7.0_60"
        Java(TM) SE Runtime Environment (build 1.7.0_60-b19)
        Java HotSpot(TM) 64-Bit Server VM (build 24.60-b09, mixed mode)
        

        I got only a test failure on

        entitytests	testCountViews	Failure	Number of views should equal number of created entities in the test. expected:<6> but was:<3>
        
        junit.framework.AssertionFailedError: Number of views should equal number of created entities in the test. expected:<6> but was:<3>
        at org.ofbiz.entity.test.EntityTestSuite.testCountViews(EntityTestSuite.java:360)
        at org.ofbiz.testtools.TestRunContainer.start(TestRunContainer.java:146)
        at org.ofbiz.base.container.ContainerLoader.start(ContainerLoader.java:230)
        at org.ofbiz.base.start.Start.startStartLoaders(Start.java:362)
        at org.ofbiz.base.start.Start.start(Start.java:337)
        at org.ofbiz.base.start.Start.main(Start.java:139)
        
        jacopoc Jacopo Cappellato added a comment -

        Thanks for the report Jacques.
        This is really a pain and it is probably happening because the tests we wrote are wrong: they assume a specific order of execution in the tests (which is not guaranteed and can change with the JVM being used).
        In this specific case, there was one test executed before the one that created 3 records in the entity "Testing" of type "TEST-COUNT-VIEW" and didn't remove them.
        I am going to commit a fix (for the test) soon.

        jacopoc Jacopo Cappellato added a comment -

        Jacques, could you please try again with rev. 1639374?

        soledad Nicolas Malin added a comment -

        Thanks Jacopo and Jacques for your return.

        The test testCountViews playing me parts oO. I started an isolation of testForeignKeyRemove for the same reason. Jacopo, don't waste your time, I will update this test to improve its resistance.

        jacques.le.roux Jacques Le Roux added a comment -

        Despite what Einstein said about insanity: "Doing the same thing over and over again and expecting different results." I tried again exactly the same and it worked. Actually Einstein had the luck to never work with a computer (AFAIK) (should I add a computer running Windows on SSDs?)

        So it seems that you fixed it, Nicolas. We are ready, it seems?

        jacopoc Jacopo Cappellato added a comment -


        Well, my fix should have helped you too... if you can confirm it still works it would be great.

        Jacopo

        jacques.le.roux Jacques Le Roux added a comment -

        Ha Jacopo, our comments crossed on wire, I did not update. I guess your change will remove the randomness. I will retry, damned Einstein

        jacques.le.roux Jacques Le Roux added a comment -

        Ha no, it was already up to date when I tried. I did a svn up just before. So it seems the 1st time it failed despite your change. The second time, since I had other stuff to do and tests consume many resources, I lowered the Java process priority (from 8 normal to 4 background). It's maybe the reason it worked. I will retry the 2 cases later. Anyway I'd not worry too much about that, I think nowadays nobody runs a production site on Windows Server

        jacopoc Jacopo Cappellato added a comment -

        Actually I have fixed the test after you reported the failure; after that you reported a success... or am I missing something?

        jacques.le.roux Jacques Le Roux added a comment -

        No, sequence of operations:

        1. svn up
        2. ant clean-all load-demo run-tests fails
        3. ant clean-all load-demo run-tests succeed
        4. svn up already up to date

        That's why I spoke about Einstein. It's not the 1st time this happens to me on Windows. That's also why I retried. I guess the slower process made the difference.

        BTW I just tried again at normal priority with success. So it's OK with me and I will not try more

        jacopoc Jacopo Cappellato added a comment -

        I suspect it may have failed the first time on a different test.

        jacques.le.roux Jacques Le Roux added a comment -

        The failure I C/Pasted was the only one I found in index.html between 2 and 3.

        Anyway in such cases, I prefer to rely on Buildbot and its successive tries.

        soledad Nicolas Malin added a comment -

        I don't know exactly if Einstein said true, but I prefer to open the box to check the problem. It's a pity for the cat! And if Schrödinger has been right, I solved two issues (I hate cats).

        And I'm sure with this last patch, your test will be a success!

        jacques.le.roux Jacques Le Roux added a comment -

        Hi Nicolas,

        Indeed success, so it seems we now have all in hand for the Poodle vulnerability in trunk and supported releases.

        I have still to understand why the stable demo is not working, but that's unrelated I hope.

        soledad Nicolas Malin added a comment -

        Ok thanks Jacques.

        Before committing this patch that forces Java 1.7 for the 12.04, I prepare a notification for the user mailing. It seems a really important impact for production sites (I'm in this case) and production teams that follow their own infra recommendations.

        jacques.le.roux Jacques Le Roux added a comment -

        OK, Nicolas. I believe people in production will understand the importance, even more if they use a direct access to the https connector.

        Forgot to say here that the stable demo issue was unrelated and the demo is back to normal.

        jacques.le.roux Jacques Le Roux added a comment -

        Thanks to All,

        Nicolas, your patch is committed in R12.04. Thanks to Deepak's tests, I have partially used it to adapt also R13.07. I have adapted our Buildbot configuration to run all tests with Java 1.7, all passed here (Windows 7) and there (Ubuntu). I have removed R11.04 from Buildbot tests. I have asked the infra to check why we no longer receive reports: INFRA-8636

        So I close this issue. We only have to watch for the forced protocol to TLSv1.2. I put a 6 months note as reminder here.

        soledad Nicolas Malin added a comment -

        Ok thanks Jacques for your time

        jacques.le.roux Jacques Le Roux added a comment -

        We no longer force TLS to v1.2 with OFBIZ-5881


          People

          • Assignee:
            jacques.le.roux Jacques Le Roux
            Reporter:
            hrcboston Poodle Fixer