harmony-dev mailing list archives

From Tim Ellison <t.p.elli...@gmail.com>
Subject Re: Internal error upon seeing the "Camellia" cipher suites in the SSL handshake message
Date Sun, 07 Sep 2008 08:23:17 GMT
Sean Qiu wrote:
> Seems that I dived into the wrong way.
> I found that the handshake version is different sometimes, so I was
> investigating the protocol.
> I should start with the most apparent and simple place from the stack trace.
> Though it is worth knowing how SSL handshake works :)

Yes.  As was pointed out to me, off list, my initial assessment that we
don't handle SSLv2 was wrong, since if we get an SSLv2 hello message we
negotiate via TLSv1 -- so it works out in the end.

I'm still waiting to hear from Suresh that it fixes the problem for him
too, then we can close the issue.

Thanks for helping.

Regards,
Tim

> It will no longer throw the java.lang.ArrayIndexOutOfBoundsException
> at org.apache.harmony.xnet.provider.jsse.CipherSuite.getByCode() now.
> 
> Thank you.
> 
> 2008/9/7 Tim Ellison <t.p.ellison@gmail.com>:
>> Please try again with SVN revision r692675 or later.
>>
>> Works for me now.
>>
>> Regards,
>> Tim
>>
>> Suresh Kumar J wrote:
>>> Hi
>>>
>>> I have a web application which runs on Apache Tomcat v6.0.13. I am using
>>> the Apache Harmony JRE (v6). When I try to launch the application on the
>>> latest FireFox v3.0.1 browser, Tomcat errors out with the following
>>> message in catalina.out:
>>> --------------------------------------------------
>>> Aug 29, 2008 2:52:52 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
>>> SEVERE: Socket accept failed
>>> Throwable occurred: java.net.SocketException: SSL handshake error
>>> javax.net.ssl.SSLException: INTERNAL ERROR
>>>        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
>>>        at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
>>>        at java.lang.Thread.run(Thread.java:657)
>>> --------------------------------------------------
>>>
>>> After debugging the issue, it turns out that Apache Tomcat is
>>> not able to handle the full set of cipher suites implemented in the
>>> latest FireFox v3.0.1:
>>> dhe_dss_camellia_128_sha (0x000044)
>>> dhe_dss_camellia_256_sha (0x000087)
>>> dhe_rsa_camellia_128_sha (0x000045)
>>> dhe_rsa_camellia_256_sha (0x000088)
>>> rsa_camellia_128_sha (0x000041)
>>> rsa_camellia_256_sha (0x000084)
>>>
>>> In order to make my web application work with the FireFox browser
>>> (v3.0.1), the above-mentioned cipher suites need to be "disabled" in the
>>> browser via the "about:config" option.
>>>
>>> * I have the default lib/security/java.security config of the Harmony
>>> JRE.
>>> * Below is the snippet of the server.xml config file of the Tomcat server:
>>> ----------------------------
>>> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>>>               maxThreads="150" scheme="https" secure="true"
>>>               clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12"
>>>               keystoreFile="conf/my-key-store" keystorePass="abcd"/>
>>> ----------------------------
>>>
>>> * Why does Tomcat (when used with the Harmony JRE) error out if it doesn't
>>> understand some of the cipher suites? Instead it should gracefully
>>> ignore them.
>>>
>>> * I have enclosed the packet capture which shows the SSL handshake message
>>> from the client (frame$4) and the response from the Tomcat server which
>>> has the internal error (frame$6).
>>>
>>> * Here is the bug filed on apache-tomcat, which got rejected saying the
>>> issue was not actually Tomcat's but Harmony JRE's.
>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=45730
>>>
>>> * Here was my posting in the firefox-security-dev mailing list:
>>> http://www.nabble.com/FireFox-v3.0.1-of-Windows-uses-SSLv2-Record-Layer-even-when-SSLv2-is-disabled-td19239646.html
>>>
>>>
>>> * Here was my posting in the tomcat-user mailing list:
>>> http://www.nabble.com/How-to-make-to-Apache-Tomcat-6.0.13-to-support-all-of-SSLv2-SSLv3-and-TLS-protocols-tt19228675.html
>>>
>>>
>>> Any inputs on this issue would be appreciated.
>>>
>>> Thanks,
>>> Suresh
>>>
> 
> 
> 
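
An added example, not code from Harmony, Tomcat or anyone in this thread: a sketch of the behaviour requested in the original report, where a server skips cipher suite codes it does not recognise in the ClientHello and negotiates the first one it does support. The class name, the method bodies and the supported-suite list are assumptions for illustration; the Camellia codes are the ones listed in the report.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class CipherSuiteSelection {
    // Assumed server-side suite list, keyed by the two-byte suite code.
    private static final Map<Integer, String> SUPPORTED = new LinkedHashMap<>();
    static {
        SUPPORTED.put(0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA");
        SUPPORTED.put(0x000A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA");
        SUPPORTED.put(0x0005, "TLS_RSA_WITH_RC4_128_SHA");
    }

    /** Returns the suite name, or null for a code the server does not know. */
    static String getByCode(int b1, int b2) {
        // Mask both bytes: Java bytes are signed, so 0x88 arrives as -120.
        int code = ((b1 & 0xFF) << 8) | (b2 & 0xFF);
        return SUPPORTED.get(code); // unknown code yields null, not an exception
    }

    /** Walks the ClientHello cipher_suites bytes in the client's order. */
    static String select(byte[] offered) {
        if (offered.length % 2 != 0) {
            throw new IllegalArgumentException("cipher_suites length must be even");
        }
        for (int i = 0; i < offered.length; i += 2) {
            String suite = getByCode(offered[i], offered[i + 1]);
            if (suite != null) {
                return suite; // first mutually supported suite wins
            }
            // Unknown suite (for example Camellia here): skip it and keep looking.
        }
        return null; // no overlap: the caller answers with a handshake_failure alert
    }

    public static void main(String[] args) {
        // Constructed offer: the six Camellia codes from the report, then one AES suite.
        byte[] offered = {
            0x00, (byte) 0x88, 0x00, (byte) 0x87, 0x00, 0x45, 0x00, 0x44,
            0x00, (byte) 0x84, 0x00, 0x41, 0x00, 0x2F
        };
        System.out.println("Selected: " + select(offered));
    }
}
```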
