Created attachment 22351: The keystore I use

I'm using apache-tomcat-6.0.16 with jdk1.6.0_06 (but it also occurred with jdk1.5.0_16).

I have a .keystore file which doesn't match the SSL definitions in the server.xml (wrong password). Tomcat 4 handled it well – it was unable to connect to it, but the logs showed friendly messages and the server continued working fine.

However, in Tomcat 6, when I configured the connectors in the server.xml with default settings or as "org.apache.coyote.http11.Http11Protocol" and started the service, Tomcat gets into an infinite loop which holds the CPU at 90% and keeps writing the following error to the catalina log:

*************************************************************************
03/08/2008 11:09:37 org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
SEVERE: Socket accept failed
java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
    at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
    at java.lang.Thread.run(Thread.java:619)
*************************************************************************

When I configure the connectors to work with "org.apache.coyote.http11.Http11NioProtocol", the problem seems to disappear.
Created attachment 22352: The server.xml I use with the connector of Http11Protocol
Created attachment 22353: The catalina log
This has been fixed in trunk and proposed for 5.5.x and 6.0.x.
For the record, neither the alias nor the password appears to be the problem. The only way I could reproduce the loop of log messages was to take a valid, working SSL configuration and set a value for the ciphers attribute that was not compatible with the certificate Tomcat was using.
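An added example, not part of the bug report or of Tomcat: a detector for the log pattern reported above, which counts JIoEndpoint acceptor "Socket accept failed" records per one-second timestamp and flags a tight loop together with its cause. The header format is assumed to match the record quoted in the report; the function name, the threshold of 50 per second and the sample data are constructed for illustration.

```python
import re
from collections import Counter

# Header line of a log record as quoted in the report (assumed format):
# "<date> <time> <logger class> <method>"
HEADER = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (\S+) (\S+)$")
ACCEPTOR = "org.apache.tomcat.util.net.JIoEndpoint$Acceptor"
FAILURE = "SEVERE: Socket accept failed"


def find_accept_loops(lines, threshold=50):
    """Return {timestamp: (count, causes)} for every one-second bucket in which
    the JIoEndpoint acceptor logged at least `threshold` accept failures."""
    counts = Counter()
    causes = {}
    stamp = None          # timestamp of the acceptor record being read, if any
    in_failure = False    # True while inside a "Socket accept failed" record
    for raw in lines:
        line = raw.rstrip("\n")
        m = HEADER.match(line)
        if m:
            # New record: track it only if the acceptor thread wrote it.
            stamp = m.group(1) if m.group(2) == ACCEPTOR else None
            in_failure = False
        elif stamp and line == FAILURE:
            counts[stamp] += 1
            in_failure = True
        elif in_failure and line.startswith("java.net.SocketException:"):
            # Keep the exception message so the alert names the cause.
            causes.setdefault(stamp, set()).add(line.split(": ", 1)[1])
    return {ts: (n, sorted(causes.get(ts, ())))
            for ts, n in counts.items() if n >= threshold}


# Constructed sample: the record from the report repeated 200 times within one
# second, plus one unrelated record that must not be counted.
RECORD = [
    "03/08/2008 11:09:37 org.apache.tomcat.util.net.JIoEndpoint$Acceptor run",
    "SEVERE: Socket accept failed",
    "java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: "
    "No available certificate or key corresponds to the SSL cipher suites "
    "which are enabled.",
    "\tat org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)",
]
SAMPLE = RECORD * 200 + [
    "03/08/2008 11:09:38 org.apache.catalina.startup.Catalina start",
    "INFO: Server startup in 1200 ms",
]

if __name__ == "__main__":
    for ts, (n, why) in find_accept_loops(SAMPLE).items():
        print(f"{ts}: {n} accept failures in one second; cause: {why}")
```

Grouping by the timestamp string rather than a parsed date avoids guessing whether the log locale writes the day or the month first.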
The original patch was rejected. I have just proposed a reworked patch.
The improved patch has been applied to 6.0.x and will be included in 6.0.19 onwards.
This has been fixed in 5.5.x/4.1.x and will be included in 5.5.28 and 4.1.40 onwards.