tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 10527] - SSL socket error shuts down access to HTTPS pages
Date Mon, 29 May 2006 15:54:41 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=10527>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=10527





------- Additional Comments From akhil@lucent.com  2006-05-29 15:54 -------
We found the problem. I am not sure if it is bug in tomcat or a right behaviour.
>From my point of view crashing of tomcat is not a right behaviour. Anyway the
root cause of the problem was that on the server side we had a keystore which
was not generated for every machine i.e. it was just a common one.

We use IP address to access the URL and hence we used to get a warning whenever
connected to https site that the "Certificate address does not match the address
in the URL" but it used to continue by clicking on Ok.  Hence we thought it is
just a warning and should not cause any problem. But later we found out that
this was preventing the tomcat to have handshake with the browser and was
causing the exhaustion of tomcat threads.

So the solution is to have a keystore which is generated for each IP address or
valid for a domain depending on the URL from where the java applet is downloaded.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message