SSL ( Internet Explorer = FAILS / Firefox = WORKS ) ??

[Ethan Akins <et...@adecn.com>]

Browse the Web:
* Windows XP Home Edition Version 2002 Service Pack 2

Web Server:
* jakarta-tomcat5.0

When I try to access a test external URL via Firefox the page displays 
correctly, however when I try to view it with Internet Explorer 6.0 it shows 
the error below:

========================================
Cannot find server - Microsoft Internet Explorer

--------------------------------------------------------------------------------
This page cannot be displayed

The page you are looking for is currently unavailable. The Web
site might be experiencing technical difficulities, or you may need
to adjust your browser settings. 
========================================

On the Windows machine I have went to:

Tools > Internet Options > Advanced 

UNCHECKED: 
Show Friendly HTTP error messages

CHECKED:  
Use SSL 2.0
Use SSL 3.0

Additional Notes: 'Use TLS 1.0' is unchecked and 'Use HTTP 1.1 through proxy 
connection' is also unchecked. Also, I have tried the URL on a few different 
windows machines and the result is exactly the same.

* No anti-virus software is installed on the Windows machine.
* I can browse other SSL related URL's, just not the one I am testing with... 
* The non secure test URL works just fine in Internet Explorer

Do you think this is related to:

Tomcat Setting?
or
Windows Setting ?

Any help  is greatly appreciated!

Thanks,

Ethan
-------
ethan.akins@adecn.com

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: SSL ( Internet Explorer = FAILS / Firefox = WORKS ) ??

[Christopher Schultz <ch...@christopherschultz.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ethan,

Ethan Akins wrote:
> When I try to access a test external URL via Firefox the page displays 
> correctly, however when I try to view it with Internet Explorer 6.0 it shows 
> the error below:
> 
> ========================================
> Cannot find server - Microsoft Internet Explorer

[snip]

> Tools > Internet Options > Advanced 
> 
> UNCHECKED: 
> Show Friendly HTTP error messages
> 
> CHECKED:  
> Use SSL 2.0
> Use SSL 3.0

You should disable SSL 2.0. My understanding is that it was always
broken and pretty much never used.

> Additional Notes: 'Use TLS 1.0' is unchecked and 'Use HTTP 1.1 through proxy 
> connection' is also unchecked. Also, I have tried the URL on a few different 
> windows machines and the result is exactly the same.

I thought that TLS 1.0 ~= SSL 3.0, but they may be different enough that
they are considered separate. I would enable TLS 1.0.

> Do you think this is related to:
> 
> Tomcat Setting?

Perhaps. How is Tomcat doing SSL? Have you set up certain ciphers that
it is allowed to use? I do SSL through Apache httpd (instead of Tomcat)
but there's a place where you can specify the ciphers that you are
allowed to use. If you are using a cipher on the server that isn't
supported by the client, then you won't be able to make a connection.

Since MSIE and Firefox have different capabilities as far as encryption
goes, it's possible that you have set your server to too-high an
encryption grade than MSIE is configured to accept.

> or
> Windows Setting ?

Perhaps. See above.

I hope that helps,
- -chris

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGJS169CaO5/Lv0PARAk1IAJ4jAizkHXjyknAjjTmX2JYkwSbUMACePcKs
sOvr3iEgsGkCXRmWG8Q9utQ=
=BGVQ
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org