tomcat-users mailing list archives

From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: ssl_error_internal_error_alert in firefox only, dependent on jdk version (tomcat 5.5.26)
Date Thu, 08 Oct 2009 09:54:27 GMT
Does this issue depend on the Firefox version? (Which version are you
using?) Is it reproducible on different client PCs running the same
Firefox version? Maybe different Firefox settings? Is the TLS protocol
enabled in Firefox (usually it is)?

From the description, this issue is not dependent on your application. Can
you reproduce it with the default applications that Tomcat comes with, on
the latest Tomcat 5.5.28 or 6.0.20, even if you cannot run your
application on those versions?

Is it reproducible with self-signed certificates? Is it reproducible
on other operating systems?

The set of ciphers in JDK 1.5 and JDK 1.6 might be different. That is,
the browser and the server might not agree on what cipher to use.
(though why is there the "internal_error" alert?)

Best regards,
Konstantin Kolinko

2009/10/2 Nada O'Neal <nco2104@columbia.edu>:
> Hey everyone -
>
> I'm stuck on Tomcat 5.5.26 to support a specific application. This is a
> Solaris 9 server with no Apache - tomcat is handling its own webserving.
> We're hoping to upgrade the JDK. I can use JDK-1.5.0_21 successfully. When I
> start tomcat with JDK-1.6.0_16, I get one specific issue...
>
> Firefox, but not Safari or IE, will report on https connections:
>
>        Secure Connection Error
>        An error occurred during a connection to mysite.com:8443.
>        Peer reports it experienced an internal error.
>        (Error code: ssl_error_internal_error_alert)
>
> Weirdly, there is no error in any error log when this happens.
>
> I think this might be a configuration error on my part. Here's our SSL conf
> stanza:
>
>                <Connector port="8443" maxHttpHeaderSize="8192"
>               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>               enableLookups="false" disableUploadTimeout="true"
>               acceptCount="100" scheme="https" secure="true"
>               clientAuth="false" sslProtocol="TLS"
>                keystoreFile="/path/to/my/keystore"
>                keystorePass="somePass" />
>
> ... I notice that in other people's configs, they have a specific reference
> to a TrustStore. I have the CA certs imported into the keystore, though, and
> I'm using this config on other servers, with other versions of tomcat, other
> versions of the JDK, etc. (However, those are all linux servers.) I'm
> especially suspicious about this possibility because lately there have been
> other Firefox https bugs (like the Flash uploader bug) that ultimately have
> to do with verifying the certificate authority. Adding in a truststore
> doesn't seem to help, but maybe i r doin it wrong.
>
> Thanks for any references or wild speculation you can provide.
>
> - Nada
>
> (p.s. if you're curious about the Flash uploader bug, see e.g.:
> http://bugs.adobe.com/jira/browse/FP-201
> http://bugs.adobe.com/jira/browse/FP-226
> https://bugs.adobe.com/jira/browse/SDK-13196
> http://swfupload.org/forum/generaldiscussion/347 )
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

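Added example, not part of the thread: one way to test the reply's suggestion that JDK 1.5 and JDK 1.6 enable different cipher suites is to dump the JSSE server defaults under each JDK and compare them. The class name and file name are hypothetical, the code sticks to Java 5 language features so it compiles on both JDKs, and it assumes the Connector sets no `ciphers` attribute (as in the posted stanza), so Tomcat uses the JVM defaults.

```java
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
import java.util.Arrays;
import java.util.Set;
import java.util.TreeSet;
import javax.net.ssl.SSLServerSocketFactory;

// Added example (hypothetical class name): lists or compares JSSE server cipher suites.
public class CipherSuiteDiff {

    // Cipher suites this JVM enables by default for server sockets, sorted.
    static Set<String> enabledSuites() {
        SSLServerSocketFactory f = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        return new TreeSet<String>(Arrays.asList(f.getDefaultCipherSuites()));
    }

    // Reads one suite name per line from a file saved by an earlier run.
    static Set<String> readSuites(String path) throws IOException {
        Set<String> suites = new TreeSet<String>();
        BufferedReader in = new BufferedReader(new FileReader(path));
        try {
            String line;
            while ((line = in.readLine()) != null) {
                if (line.trim().length() > 0) suites.add(line.trim());
            }
        } finally {
            in.close();
        }
        return suites;
    }

    // Elements of a that are not in b.
    static Set<String> minus(Set<String> a, Set<String> b) {
        Set<String> out = new TreeSet<String>(a);
        out.removeAll(b);
        return out;
    }

    public static void main(String[] args) throws IOException {
        Set<String> here = enabledSuites();
        if (args.length == 0) {                   // list mode: redirect the output to a file
            for (String s : here) System.out.println(s);
            return;
        }
        Set<String> other = readSuites(args[0]);  // compare mode: file from the other JDK
        System.out.println("JVM " + System.getProperty("java.version") + " vs " + args[0]);
        for (String s : minus(here, other)) System.out.println("+ only in this JVM: " + s);
        for (String s : minus(other, here)) System.out.println("- only in file:     " + s);
    }
}
```

Run it with no arguments under the first JDK and redirect the output to a file (for example `jdk15-suites.txt`), then run it under the second JDK with that file as the argument. Suites reported on only one side are the candidates to compare against what the browser offers.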