Hi!

I am running Firefox 3.0.1 on Windows XP with the default settings. When I try to connect (https on 443) to the internal website, which is running on Apache Tomcat (v6.0.14), I get the following error:


Secure Connection Failed

An error occurred during a connection to 10.xx.xx.xx
Cannot communicate securely with peer: no common encryption algorithm(s):
(Error code: ssl_error_no_cypher_overlap)


I ensured that both SSL 3.0 and TLS 1.0 are enabled (and SSLv2 is disabled) in the browser security settings and also in "about:config". The web server is correctly configured for secure HTTP on TLS.

Earlier, with Firefox 2.0.x, it was working fine. I also checked with the Linux version of Firefox 3.0.1 and it is working fine.

When I tried to analyze the packet capture of the browser/web-server communication with the "Wireshark/Ethereal" tools, I observed that FF 3.0 on Windows uses "SSLv2 Record layer(Client Hello)" for SSL handshake negotiations, even though SSLv2 is disabled in the browser settings. As my Tomcat web server is configured for TLS, it doesn't seem to understand the SSLv2 record layer format, and eventually errors out with "javax.net.ssl.SSLException: INTERNAL ERROR".

Since SSLv2 is generally considered to be a weaker protocol than SSLv3 and TLS, why the heck does FF 3.0.1 on Windows use the SSLv2 Record protocol, when SSLv2 is also disabled by default? On Red Hat Linux, the same FF 3.0.1 (firefox-3.0.1-1.el5) uses "TLSv1 Record Layer(Client Hello)" for security negotiations. The Red Hat Linux version seems to work correctly in this (by using TLS 1.0, as it is more secure). Firefox v2.0.x on Windows uses "SSLv3 Record Layer(Client Hello)", which seems to be fine. Even IE 6.x and IE 7.x don't seem to use the SSLv2 protocol by default for any security negotiations.

I am trying to understand the reason for this protocol behaviour change in Firefox 3.0.1 with regard to the SSL negotiations between the Windows and Linux versions.

Has anyone else faced a similar kind of problem in this regard?
Is there a way to make FF 3.0.1 on Windows NOT use the SSLv2 Record layer for security negotiations and use either SSLv3 or TLS 1.0 instead?

Thanks,
Suresh

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
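
The record-layer difference described in the message above can be checked directly from the first bytes of a capture. The following is an added example, not part of the original post and not Mozilla or Tomcat code; the function name and both sample hellos are constructed for illustration. It separates the record format from the protocol version the client offers inside the hello.

```python
import struct

VERSIONS = {(0, 2): "SSL 2.0", (3, 0): "SSL 3.0", (3, 1): "TLS 1.0"}

def classify_client_hello(data: bytes) -> dict:
    """Classify the first bytes a client sends on an SSL/TLS port."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes of the first record")
    # SSLv3/TLS record: content type 0x16 (handshake), version(2), length(2)
    if data[0] == 0x16 and data[1] == 0x03:
        out = {"record_format": "SSLv3/TLS"}
        # Handshake header is type(1) + length(3); client_version follows it
        if len(data) >= 11 and data[5] == 0x01:
            ver = (data[9], data[10])
            out["offered_version"] = VERSIONS.get(ver, ver)
        return out
    # SSLv2 record: high bit set means 2-byte header with a 15-bit length,
    # followed by message type 1 (CLIENT-HELLO) and the offered version
    if data[0] & 0x80 and data[2] == 0x01:
        ver = (data[3], data[4])
        out = {"record_format": "SSLv2",
               "record_length": ((data[0] & 0x7F) << 8) | data[1],
               "offered_version": VERSIONS.get(ver, ver)}
        if len(data) >= 11:
            cs_len, _sid_len, _chal_len = struct.unpack(">HHH", data[5:11])
            specs = data[11:11 + cs_len]
            # SSLv2-format cipher specs are 3 bytes each
            out["cipher_specs"] = [specs[i:i + 3].hex()
                                   for i in range(0, len(specs) - len(specs) % 3, 3)]
        return out
    return {"record_format": "unknown"}

# Constructed sample: SSLv2-format hello whose version field offers 3.1
SAMPLE_V2 = (bytes.fromhex("801f") + b"\x01" + bytes.fromhex("0301")
             + bytes.fromhex("0006 0000 0010")      # spec, session-id, challenge lengths
             + bytes.fromhex("00002f 00000a")       # two 3-byte cipher specs
             + bytes(16))                           # challenge (zeros, constructed)

# Constructed sample: TLS 1.0 record carrying a ClientHello
SAMPLE_TLS = (bytes.fromhex("16 0301 002d") + bytes.fromhex("01 000029 0301")
              + bytes(32) + bytes.fromhex("00 0002 002f 01 00"))

if __name__ == "__main__":
    for name, blob in (("v2-format", SAMPLE_V2), ("tls-format", SAMPLE_TLS)):
        print(name, classify_client_hello(blob))
```

Feeding it the first client-to-server payload exported from the capture shows both which record format was used and which cipher specs were offered, which is the information needed to compare against the server's configured cipher list.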
