From: "Nada O'Neal"
Date: Thu, 01 Oct 2009 16:36:28 -0400
To: users@tomcat.apache.org
Subject: ssl_error_internal_error_alert in firefox only, dependent on jdk version (tomcat 5.5.26)
Message-ID: <4AC512CC.6090909@columbia.edu>

Hey everyone -

I'm stuck on Tomcat 5.5.26 to support a specific application. This is a Solaris 9 server with no Apache - tomcat is handling its own webserving. We're hoping to upgrade the JDK. I can use JDK-1.5.0_21 successfully. When I start tomcat with JDK-1.6.0_16, I get one specific issue...

Firefox, but not Safari or IE, will report on https connections:

    Secure Connection Error
    An error occurred during a connection to mysite.com:8443.
    Peer reports it experienced an internal error.
    (Error code: ssl_error_internal_error_alert)

Weirdly, there is no error in any error log when this happens.

I think this might be a configuration error on my part. Here's our SSL conf stanza:

...

I notice that in other people's configs, they have a specific reference to a TrustStore. I have the CA certs imported into the keystore, though, and I'm using this config on other servers, with other versions of tomcat, other versions of the JDK, etc. (However, those are all linux servers.)

I'm especially suspicious about this possibility because lately there have been other Firefox https bugs (like the Flash uploader bug) that ultimately have to do with verifying the certificate authority. Adding in a truststore doesn't seem to help, but maybe i r doin it wrong.

Thanks for any references or wild speculation you can provide.

- Nada

(p.s. if you're curious about the Flash uploader bug, see e.g.:
http://bugs.adobe.com/jira/browse/FP-201
http://bugs.adobe.com/jira/browse/FP-226
https://bugs.adobe.com/jira/browse/SDK-13196
http://swfupload.org/forum/generaldiscussion/347 )