You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2008/09/02 22:41:10 UTC
DO NOT REPLY [Bug 45730] New: Tomcat (with Harmony JRE) errors out
when used with the latest FireFox 3.0.1 browser
https://issues.apache.org/bugzilla/show_bug.cgi?id=45730
Summary: Tomcat (with Harmony JRE) errors out when used with the
latest FireFox 3.0.1 browser
Product: Tomcat 6
Version: 6.0.13
Platform: PC
URL: http://www.nabble.com/How-to-make-to-Apache-Tomcat-
6.0.13-to-support-all-of-SSLv2-SSLv3-and-TLS-protocols-
to19228675.html#a19235053
OS/Version: Windows XP
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: suresh.kumar.j@gmail.com
CC: suresh.kumar.j@gmail.com
I have a web-application which runs on Apache-Tomcat v6.0.13. Am using the
Apache Harmony JRE. When I try to launch the application on the latest FireFox
v3.0.1 browser, tomcat errors out with the following message in the
catalina.out :
--------------------------------------------------
Aug 29, 2008 2:52:52 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
SEVERE: Socket accept failed
Throwable occurred: java.net.SocketException: SSL handshake error
javax.net.ssl.SSLException: INTERNAL ERROR
at
org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
at
org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
at java.lang.Thread.run(Thread.java:657)
--------------------------------------------------
After debugging the issue, it turns out to be that the Apache-Tomcat is not
able to handle the full set of cipher suites implemented in the latest FireFox
v3.0.1.
dhe_dss_camellia_128_sha (0x000044)
dhe_dss_camellia_256_sha (0x000087)
dhe_rsa_camellia_128_sha (0x000045)
dhe_rsa_camellia_256_sha (0x000088)
rsa_camellia_128_sha (0x000041)
rsa_camellia_256_sha (0x000084)
In order to make my web application to work with FireFox Windows
browser(v3.0.1), the above mentioned cipher suites needs to be "disabled" in
the browser via the "about:config" option.
Below is the snippet of the server.xml config:
----------------------------
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12"
keystoreFile="conf/my-key-store" keystorePass="abcd"/>
----------------------------
Here is my postings in the firefox-security-dev mailing list:
http://www.nabble.com/FireFox-v3.0.1-of-Windows-uses-SSLv2-Record-Layer-even-when-SSLv2-is-disabled-td19239646.html
Here is my postings in the tomcat-user mailing list:
http://www.nabble.com/How-to-make-to-Apache-Tomcat-6.0.13-to-support-all-of-SSLv2-SSLv3-and-TLS-protocols-to19228675.html#a19235053
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 45730] Tomcat (with Harmony JRE) errors out when
used with the latest FireFox 3.0.1 browser
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45730
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
--- Comment #1 from Mark Thomas <ma...@apache.org> 2008-09-02 13:56:24 PST ---
This isn't a Tomcat bug. If the JRE and the browser do not have a mutually
compatible set of ciphers then an SSL session won't be established.
You need to enabled SSL debugging (no idea how to do this in harmony) to figure
out where the incompatibility lies. It looks like if you disable those ciphers
then Firefox provides additional, lower strength, ciphers but you need to do
some more debugging to be sure.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org