https://issues.apache.org/bugzilla/show_bug.cgi?id=45730

           Summary: Tomcat (with Harmony JRE) errors out when used with the
                    latest FireFox 3.0.1 browser
           Product: Tomcat 6
           Version: 6.0.13
          Platform: PC
               URL: http://www.nabble.com/How-to-make-to-Apache-Tomcat-6.0.13-to-support-all-of-SSLv2-SSLv3-and-TLS-protocols-to19228675.html#a19235053
        OS/Version: Windows XP
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]
                CC: [EMAIL PROTECTED]


I have a web application which runs on Apache Tomcat v6.0.13. I am using the
Apache Harmony JRE. When I try to launch the application on the latest FireFox
v3.0.1 browser, Tomcat errors out with the following message in
catalina.out:
--------------------------------------------------
Aug 29, 2008 2:52:52 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
SEVERE: Socket accept failed
Throwable occurred: java.net.SocketException: SSL handshake error
javax.net.ssl.SSLException: INTERNAL ERROR
       at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
       at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
       at java.lang.Thread.run(Thread.java:657)
-------------------------------------------------- 

After debugging the issue, it turns out that Apache Tomcat is not
able to handle the full set of cipher suites implemented in the latest FireFox
v3.0.1:
dhe_dss_camellia_128_sha (0x000044)
dhe_dss_camellia_256_sha (0x000087)
dhe_rsa_camellia_128_sha (0x000045)
dhe_rsa_camellia_256_sha (0x000088)
rsa_camellia_128_sha (0x000041)
rsa_camellia_256_sha (0x000084)

In order to make my web application work with the FireFox Windows
browser (v3.0.1), the above-mentioned cipher suites need to be "disabled" in
the browser via the "about:config" option.

Below is the snippet of the server.xml config:
----------------------------
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
              maxThreads="150" scheme="https" secure="true"
              clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12"
              keystoreFile="conf/my-key-store" keystorePass="abcd"/>
---------------------------- 

Here are my postings in the firefox-security-dev mailing list:
http://www.nabble.com/FireFox-v3.0.1-of-Windows-uses-SSLv2-Record-Layer-even-when-SSLv2-is-disabled-td19239646.html

Here are my postings in the tomcat-user mailing list:
http://www.nabble.com/How-to-make-to-Apache-Tomcat-6.0.13-to-support-all-of-SSLv2-SSLv3-and-TLS-protocols-to19228675.html#a19235053


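The report lists the six suites with three-byte codes, the form cipher specs take in an SSLv2-compatible ClientHello (the record layer named in the firefox-security-dev posting title). The following is an added diagnostic example, not code from the report or from Tomcat: it parses a hello of that form and separates the offered specs a server knows from those it does not, so the unknown ones are skipped rather than treated as fatal. The sample hello bytes and the server's supported set are constructed assumptions.

```python
import struct

# Cipher specs named in the report (3-byte codes as listed there).
CAMELLIA = {
    0x000041: "rsa_camellia_128_sha",
    0x000044: "dhe_dss_camellia_128_sha",
    0x000045: "dhe_rsa_camellia_128_sha",
    0x000084: "rsa_camellia_256_sha",
    0x000087: "dhe_dss_camellia_256_sha",
    0x000088: "dhe_rsa_camellia_256_sha",
}

def parse_v2_client_hello(data):
    """Return (version, [cipher specs]) from an SSLv2-compatible ClientHello."""
    if len(data) < 11 or not data[0] & 0x80:
        raise ValueError("not a 2-byte-header SSLv2 record")
    msg_len = struct.unpack(">H", data[:2])[0] & 0x7FFF
    body = data[2:2 + msg_len]
    if len(body) != msg_len or len(body) < 9 or body[0] != 1:
        raise ValueError("truncated record or not a CLIENT-HELLO")
    ver_major, ver_minor, spec_len, sid_len, chal_len = struct.unpack(">BBHHH", body[1:9])
    if spec_len % 3 or 9 + spec_len + sid_len + chal_len != msg_len:
        raise ValueError("inconsistent length fields")
    specs = [int.from_bytes(body[i:i + 3], "big") for i in range(9, 9 + spec_len, 3)]
    return (ver_major, ver_minor), specs

def negotiate(offered, supported):
    """Split offered specs into (usable, unknown); unknown ones are skipped, not fatal."""
    usable = [s for s in offered if s in supported]
    unknown = [s for s in offered if s not in supported]
    return usable, unknown

def build_sample():
    """Constructed sample: TLS 1.0 hello offering the six Camellia specs plus two others."""
    specs = sorted(CAMELLIA) + [0x00002F, 0x000035]  # + rsa_aes_128_sha, rsa_aes_256_sha
    spec_bytes = b"".join(s.to_bytes(3, "big") for s in specs)
    challenge = bytes(range(16))  # constructed, not random
    body = struct.pack(">BBBHHH", 1, 3, 1, len(spec_bytes), 0, len(challenge))
    body += spec_bytes + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body

if __name__ == "__main__":
    SERVER_SUPPORTED = {0x00002F, 0x000035, 0x00000A}  # hypothetical server set
    version, offered = parse_v2_client_hello(build_sample())
    usable, unknown = negotiate(offered, SERVER_SUPPORTED)
    print("client version", version)
    for s in unknown:
        print("unknown to server: 0x%06x %s" % (s, CAMELLIA.get(s, "?")))
    print("usable:", ["0x%06x" % s for s in usable])
```

To use it on real traffic, feed `parse_v2_client_hello` the first bytes the client sends on the TLS port, taken from a packet capture.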