tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: ssl_error_internal_error_alert in firefox only, dependent on jdk version (tomcat 5.5.26)
Date Sun, 11 Oct 2009 12:08:48 GMT
> 2009/10/2 Nada O'Neal <nco2104@columbia.edu>:
>> Hey everyone -
>>
>> I'm stuck on Tomcat 5.5.26 to support a specific application. This is a
>> Solaris 9 server with no Apache - tomcat is handling its own webserving.
>> We're hoping to upgrade the JDK. I can use JDK-1.5.0_21 successfully. When I
>> start tomcat with JDK-1.6.0_16, I get one specific issue...
>>
>> Firefox, but not Safari or IE, will report on https connections:
>>
>>        Secure Connection Error
>>        An error occurred during a connection to mysite.com:8443.
>>        Peer reports it experienced an internal error.
>>        (Error code: ssl_error_internal_error_alert)
>>
>> Weirdly, there is no error in any error log when this happens.
>>

I found the following threads in the archives, that may be relevant to
this issue:

[1] "How to make to Apache-Tomcat 6.0.13 to support all of SSLv2/SSLv3
and TLS protocols", in org.apache.tomcat.users list
http://markmail.org/thread/meymo5jjzwmctuql

[2] FireFox v3.0.1 of Windows uses SSLv2 Record Layer even when SSLv2
is disabled
in firefox-security-dev
http://www.nabble.com/FireFox-v3.0.1-of-Windows-uses-SSLv2-Record-Layer-even-when-SSLv2-is-disabled-td19239646.html

[3] "Internal error upon seeing the "Camellia" cipher suites in the
SSL handshake message",
in org.apache.harmony.dev
http://markmail.org/thread/x6d77hsmklm3d3uh


[1] is regarding Firefox 3.0.1 that was trying to use SSLv2 handshake.
One of the responses contain a link to Tomcat SSL Howto page,  [2]
explains what happened at Firefox 3.0.1 side in that case. Finally,
[3] is Apache Harmony JRE side of the issue, and the one that was
actually solved in that case.

That was a SSL handshake issue that happened and was resolved about a year ago.

While current issue might be different, those threads show how that
one was hunted down and solved.

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message