tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 45730] New: Tomcat (with Harmony JRE) errors out when used with the latest FireFox 3.0.1 browser
Date Tue, 02 Sep 2008 20:41:10 GMT

           Summary: Tomcat (with Harmony JRE) errors out when used with the
                    latest FireFox 3.0.1 browser
           Product: Tomcat 6
           Version: 6.0.13
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina

I have a web-application which runs on Apache-Tomcat v6.0.13. Am using the
Apache Harmony JRE. When I try to launch the application on the latest FireFox
v3.0.1 browser, tomcat errors out with the following message in the
catalina.out :
Aug 29, 2008 2:52:52 PM$Acceptor run
SEVERE: Socket accept failed
Throwable occurred: SSL handshake error INTERNAL ERROR

After debugging the issue, it turns out to be that the Apache-Tomcat is not
able to handle the full set of cipher suites implemented in the latest FireFox
dhe_dss_camellia_128_sha (0x000044)
dhe_dss_camellia_256_sha (0x000087)
dhe_rsa_camellia_128_sha (0x000045)
dhe_rsa_camellia_256_sha (0x000088)
rsa_camellia_128_sha (0x000041)
rsa_camellia_256_sha (0x000084)

In order to make my web application to work with FireFox Windows
browser(v3.0.1), the above mentioned cipher suites needs to be "disabled" in
the browser via the "about:config" option.

Below is the snippet of the server.xml config:
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
              maxThreads="150" scheme="https" secure="true"
              clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12"
              keystoreFile="conf/my-key-store" keystorePass="abcd"/>

Here is my postings in the firefox-security-dev mailing list:

Here is my postings in the tomcat-user mailing list:

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message