tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gregor S." <rc4...@googlemail.com>
Subject Problems w/ TLS (record-splitting)
Date Tue, 10 Apr 2012 17:46:25 GMT
Hi guys,

I know, it's actually not a Tomcat-problem, but I was wondering if one
of those guru hanging around in this mailing-list could give me a hint
on how to handle this problem.

As some of you might be aware, Firefox (from on version 9.x) cannot
handle TLS-records which are served from a server if they are split
into multiple parts.

This behaviour is documented here:
https://bugzilla.mozilla.org/show_bug.cgi?id=702111

Since some of our clients are using Firefox, I just can't lean back
and tell them "well, that's a Firefox-bug, get a decent browser" -
unfortunately.

We are using Apache Tomcat 6.0.24 on Scientific Linux release 6.2
(Carbon), Tomcat is running as a demon via jsvc, and Tomcat is using
the Apache Portable Runtime (APR).

I went through all docs I could find on the net, hoping, there was
some screw I could turn to switch off TLS record splitting on the
server side, but I couldn't find anything.

Our scenario is as follows:

- SSL connection
- user is prompted for ID / password via FormLogin (j_security_check)

And then we get the message

"The connection was reset"
"The connection to the server was reset while the page was loading."

Does any of you guys have an idea, if there is any Tomcat
configuration-parameter I could try to overcome this behaviour?

IE Chrome (both all versions) are working like charm.

Thanks in advance!

Gregor
-- 
just because you're paranoid, don't mean they're not after you...
gpgp-fp: 3DB13F197F8A0360814885D1F1F1E2EFAD509AFD
skype:rc46fi
gplus.to/gregor
twitter.com/#/2smart4u

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message