harmony-dev mailing list archives

From Suresh Kumar J <suresh.kuma...@gmail.com>
Subject Internal error upon seeing the "Camellia" cipher suites in the SSL handshake message
Date Wed, 03 Sep 2008 06:14:55 GMT

I have a web application which runs on Apache Tomcat v6.0.13. I am using 
the Apache Harmony JRE (v6). When I try to launch the application on the 
latest FireFox v3.0.1 browser, Tomcat errors out with the following 
message in catalina.out:
Aug 29, 2008 2:52:52 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
SEVERE: Socket accept failed
Throwable occurred: java.net.SocketException: SSL handshake error
javax.net.ssl.SSLException: INTERNAL ERROR
        at java.lang.Thread.run(Thread.java:657)

After debugging the issue, it turns out that Apache Tomcat is 
not able to handle the full set of cipher suites implemented in the 
latest FireFox v3.0.1:
dhe_dss_camellia_128_sha (0x000044)
dhe_dss_camellia_256_sha (0x000087)
dhe_rsa_camellia_128_sha (0x000045)
dhe_rsa_camellia_256_sha (0x000088)
rsa_camellia_128_sha (0x000041)
rsa_camellia_256_sha (0x000084)

In order to make my web application work with the FireFox browser 
(v3.0.1), the above-mentioned cipher suites need to be "disabled" in the 
browser via the "about:config" option.

* I have the default lib/security/java.security config of the Harmony 
* Below is the snippet of the server.xml config file of the tomcat server:
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12"
               keystoreFile="conf/my-key-store" keystorePass="abcd"/>

* Why does Tomcat (when used with the Harmony JRE) error out if it doesn't 
understand some of the cipher suites? Instead, it should gracefully 
ignore them.

* I have enclosed the packet capture which shows the SSL handshake message 
from the client (frame$4) and the response from the Tomcat server which 
has the internal error (frame$6).

* Here is the bug filed on apache-tomcat which got rejected, saying the 
issue was not actually Tomcat's but the Harmony JRE's.

* Here was my posting in the firefox-security-dev mailing list:

* Here was my posting in the tomcat-user mailing list:

Any inputs on this issue would be appreciated.
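
Added example, not part of the original message and not Harmony or Tomcat code: the behaviour the message asks for, shown in Java, where a server scans the client's offered cipher suites, skips code points it does not implement, and fails only when nothing overlaps. The class name, the server's supported list and the sample offers are constructed for illustration; the Camellia values are the ones listed in the message, written as two-byte TLS code points.

```java
import java.nio.ByteBuffer;
import java.util.LinkedHashMap;
import java.util.Map;

public class CipherSuiteSelection {
    // Hypothetical server: the suites it implements (code point -> name).
    static final Map<Integer, String> SUPPORTED = new LinkedHashMap<>();
    static {
        SUPPORTED.put(0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA");
        SUPPORTED.put(0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA");
        SUPPORTED.put(0x000A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA");
    }

    /**
     * Parses a cipher_suites vector (2-byte length, then 2-byte code points)
     * and returns the first suite, in client order, that the server supports.
     * Unknown code points are skipped. Returns null when there is no overlap,
     * which is the case for a handshake_failure alert, not an internal error.
     */
    static String select(byte[] vector) {
        ByteBuffer buf = ByteBuffer.wrap(vector);
        if (buf.remaining() < 2) {
            throw new IllegalArgumentException("truncated length field");
        }
        int len = buf.getShort() & 0xFFFF;
        if (len % 2 != 0 || len != buf.remaining()) {
            throw new IllegalArgumentException("malformed cipher_suites vector");
        }
        while (buf.hasRemaining()) {
            int code = buf.getShort() & 0xFFFF;
            String name = SUPPORTED.get(code);
            if (name != null) return name;
            // Unrecognised code point (the Camellia suites here): keep scanning.
        }
        return null;
    }

    // Builds a constructed cipher_suites vector from a list of code points.
    static byte[] encode(int... suites) {
        ByteBuffer b = ByteBuffer.allocate(2 + 2 * suites.length);
        b.putShort((short) (2 * suites.length));
        for (int s : suites) b.putShort((short) s);
        return b.array();
    }

    public static void main(String[] args) {
        int[] camelliaOnly = {0x0088, 0x0087, 0x0084, 0x0045, 0x0044, 0x0041};
        System.out.println(select(encode(0x0088, 0x0087, 0x0084, 0x0045, 0x0044, 0x0041, 0x002F)));
        System.out.println(select(encode(camelliaOnly)));
    }
}
```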

