tomcat-users mailing list archives

From "Nada O'Neal" <nco2...@columbia.edu>
Subject ssl_error_internal_error_alert in firefox only, dependent on jdk version (tomcat 5.5.26)
Date Thu, 01 Oct 2009 20:36:28 GMT
Hey everyone -

I'm stuck on Tomcat 5.5.26 to support a specific application. This is a 
Solaris 9 server with no Apache - Tomcat is handling its own webserving. 
We're hoping to upgrade the JDK. I can use JDK-1.5.0_21 successfully. 
When I start Tomcat with JDK-1.6.0_16, I get one specific issue...

Firefox, but not Safari or IE, will report on https connections:

	Secure Connection Error
	An error occurred during a connection to mysite.com:8443.
	Peer reports it experienced an internal error.
	(Error code: ssl_error_internal_error_alert)

Weirdly, there is no error in any error log when this happens.

I think this might be a configuration error on my part. Here's our SSL 
conf stanza:

    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/path/to/my/keystore"
               keystorePass="somePass" />

... I notice that in other people's configs, they have a specific 
reference to a TrustStore. I have the CA certs imported into the 
keystore, though, and I'm using this config on other servers, with other 
versions of Tomcat, other versions of the JDK, etc. (However, those are 
all Linux servers.) I'm especially suspicious about this possibility 
because lately there have been other Firefox https bugs (like the Flash 
uploader bug) that ultimately have to do with verifying the certificate 
authority. Adding in a truststore doesn't seem to help, but maybe i r 
doin it wrong.

Thanks for any references or wild speculation you can provide.

- Nada

(p.s. if you're curious about the Flash uploader bug, see e.g.:
http://bugs.adobe.com/jira/browse/FP-201
http://bugs.adobe.com/jira/browse/FP-226
https://bugs.adobe.com/jira/browse/SDK-13196
http://swfupload.org/forum/generaldiscussion/347 )
