harmony-dev mailing list archives

From Suresh Kumar J <suresh.kuma...@gmail.com>
Subject Re: Internal error upon seeing the "Camellia" cipher suites in the SSL handshake message
Date Sun, 07 Sep 2008 18:44:00 GMT
Thanks Tim!
Is the r692675 out? Am not seeing it under 
http://people.apache.org/builds/harmony/snapshots/

Tim Ellison wrote:
> Please try again with SVN revision r692675 or later.
>
> Works for me now.
>
> Regards,
> Tim
>
> Suresh Kumar J wrote:
>   
>> Hi
>>
>> I have a web-application which runs on Apache-Tomcat v6.0.13. Am using
>> the Apache Harmony JRE (v6). When I try to launch the application on the
>> latest FireFox v3.0.1 browser, tomcat errors out with the following
>> message in the catalina.out :
>> --------------------------------------------------
>> Aug 29, 2008 2:52:52 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
>> SEVERE: Socket accept failed
>> Throwable occurred: java.net.SocketException: SSL handshake error
>> javax.net.ssl.SSLException: INTERNAL ERROR
>>        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
>>        at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
>>        at java.lang.Thread.run(Thread.java:657)
>> --------------------------------------------------
>>
>> After debugging the issue, it turns out to be that the Apache-Tomcat is
>> not able to handle the full set of cipher suites implemented in the
>> latest FireFox v3.0.1.
>> dhe_dss_camellia_128_sha (0x000044)
>> dhe_dss_camellia_256_sha (0x000087)
>> dhe_rsa_camellia_128_sha (0x000045)
>> dhe_rsa_camellia_256_sha (0x000088)
>> rsa_camellia_128_sha (0x000041)
>> rsa_camellia_256_sha (0x000084)
>>
>> In order to make my web application work with the FireFox browser
>> (v3.0.1), the above mentioned cipher suites need to be "disabled" in the
>> browser via the "about:config" option.
>>
>> * Am having the default lib/security/java.security config of the Harmony
>> JRE.
>> * Below is the snippet of the server.xml config file of the tomcat server:
>> ----------------------------
>> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>>               maxThreads="150" scheme="https" secure="true"
>>               clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12"
>>               keystoreFile="conf/my-key-store" keystorePass="abcd"/>
>> ----------------------------
>>
>> * Why does Tomcat (when used with Harmony JRE) error out if it doesn't
>> understand some of the cipher suites? Instead it should gracefully
>> ignore them.
>>
>> * Have enclosed the packet capture which shows the SSL handshake message
>> from the client(frame$4) and the response from the tomcat server which
>> has the internal error(frame$6).
>>
>> * Here is the bug filed on apache-tomcat which got rejected saying the
>> issue was not actually of Tomcat's and of Harmony JRE.
>> https://issues.apache.org/bugzilla/show_bug.cgi?id=45730
>>
>> * Here was my posting in the firefox-security-dev mailing list:
>> http://www.nabble.com/FireFox-v3.0.1-of-Windows-uses-SSLv2-Record-Layer-even-when-SSLv2-is-disabled-td19239646.html
>>
>>
>> * Here was my posting in the tomcat-user mailing list:
>> http://www.nabble.com/How-to-make-to-Apache-Tomcat-6.0.13-to-support-all-of-SSLv2-SSLv3-and-TLS-protocols-tt19228675.html
>>
>>
>> Any inputs on this issue would be appreciated.
>>
>> Thanks,
>> Suresh
>>
>>     
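
The behaviour the report asks for (skip cipher suites the server does not implement, fail only when nothing overlaps), as an added Java example; it is not code from Harmony, Tomcat or this thread. The `SUPPORTED` table and the class and method names are assumptions, the sample bytes are constructed from the 3-byte ids listed in the report, and picking the client's first supported offer is one possible policy.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class SuiteSelection {
    // Hypothetical table of suites this server implements, keyed by 2-byte id.
    static final Map<Integer, String> SUPPORTED = new LinkedHashMap<>();
    static {
        SUPPORTED.put(0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA");
        SUPPORTED.put(0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA");
        SUPPORTED.put(0x000A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA");
    }

    /** Parse 3-byte cipher specs (the form quoted in the report) into ids. */
    static List<Integer> parseSpecs(byte[] specs) {
        if (specs.length % 3 != 0) {
            throw new IllegalArgumentException("cipher spec list length not a multiple of 3");
        }
        List<Integer> ids = new ArrayList<>();
        for (int i = 0; i < specs.length; i += 3) {
            ids.add(((specs[i] & 0xFF) << 16) | ((specs[i + 1] & 0xFF) << 8) | (specs[i + 2] & 0xFF));
        }
        return ids;
    }

    /** Returns the chosen suite, or null when there is no overlap
     *  (the caller would then send a handshake_failure alert). */
    static String select(List<Integer> offered) {
        for (int id : offered) {
            if ((id >>> 16) != 0) continue;          // non-zero first byte: SSLv2-only spec, skip
            String name = SUPPORTED.get(id & 0xFFFF);
            if (name != null) return name;           // unknown ids are skipped, never an error
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample: the six Camellia ids from the report mixed with AES suites.
        byte[] offer = {
            0, 0, (byte) 0x88, 0, 0, (byte) 0x87, 0, 0, 0x45, 0, 0, 0x44,
            0, 0, 0x35, 0, 0, (byte) 0x84, 0, 0, 0x41, 0, 0, 0x2F };
        System.out.println(select(parseSpecs(offer)));
        // Camellia only: no overlap, so null is returned instead of an exception.
        System.out.println(select(parseSpecs(new byte[] { 0, 0, 0x41, 0, 0, (byte) 0x84 })));
    }
}
```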
