Hi Suresh,

I'm no expert in this area, but remember this has been raised before. Looking in the archives, this seems most relevant [1].

In particular, "Harmony's JSSE provider supports TLS v1 and SSL v3 versions of the protocol, and if the server uses SSL v2 it simply does not understand the client."

Your Frame 4 capture shows that the negotiation was attempting to conduct an SSLv2 handshake. I don't know what effort is required to also support SSLv2.

[1] http://mail-archives.apache.org/mod_mbox/harmony-dev/200610.mbox/[EMAIL PROTECTED]

Regards,
Tim

Suresh Kumar J wrote:
> Hi
>
> I have a web-application which runs on Apache-Tomcat v6.0.13. Am using
> the Apache Harmony JRE (v6). When I try to launch the application on the
> latest FireFox v3.0.1 browser, tomcat errors out with the following
> message in the catalina.out :
> --------------------------------------------------
> Aug 29, 2008 2:52:52 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
> SEVERE: Socket accept failed
> Throwable occurred: java.net.SocketException: SSL handshake error
> javax.net.ssl.SSLException: INTERNAL ERROR
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
>     at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
>     at java.lang.Thread.run(Thread.java:657)
> --------------------------------------------------
>
> After debugging the issue, it turns out that Apache-Tomcat is
> not able to handle the full set of cipher suites implemented in the
> latest FireFox v3.0.1.
> dhe_dss_camellia_128_sha (0x000044)
> dhe_dss_camellia_256_sha (0x000087)
> dhe_rsa_camellia_128_sha (0x000045)
> dhe_rsa_camellia_256_sha (0x000088)
> rsa_camellia_128_sha (0x000041)
> rsa_camellia_256_sha (0x000084)
>
> In order to make my web application work with the FireFox browser
> (v3.0.1), the above mentioned cipher suites need to be "disabled" in the
> browser via the "about:config" option.
>
> * Am having the default lib/security/java.security config of the Harmony
> JRE.
> * Below is the snippet of the server.xml config file of the tomcat server:
> ----------------------------
> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
> maxThreads="150" scheme="https" secure="true"
> clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12"
> keystoreFile="conf/my-key-store" keystorePass="abcd"/>
> ----------------------------
>
> * Why does Tomcat (when used with Harmony JRE) error out if it doesn't
> understand some of the cipher suites? Instead it should gracefully
> ignore them.
>
> * Have enclosed the packet capture which shows the SSL handshake message
> from the client (frame$4) and the response from the tomcat server which
> has the internal error (frame$6).
>
> * Here is the bug filed on apache-tomcat which got rejected saying the
> issue was not actually Tomcat's but Harmony JRE's.
> https://issues.apache.org/bugzilla/show_bug.cgi?id=45730
>
> * Here was my posting in the firefox-security-dev mailing list:
> http://www.nabble.com/FireFox-v3.0.1-of-Windows-uses-SSLv2-Record-Layer-even-when-SSLv2-is-disabled-td19239646.html
>
> * Here was my posting in the tomcat-user mailing list:
> http://www.nabble.com/How-to-make-to-Apache-Tomcat-6.0.13-to-support-all-of-SSLv2-SSLv3-and-TLS-protocols-tt19228675.html
>
> Any inputs on this issue would be appreciated.
>
> Thanks,
> Suresh
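The record-layer distinction this thread turns on, as an added example that is not part of the original mails and not Harmony or Tomcat code: a small parser that tells an SSLv2-format ClientHello (3-byte cipher specs such as 0x000044) from an SSLv3/TLS record and lists the cipher codes offered. The field layouts follow the backward-compatible hello in RFC 2246 Appendix E; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Cipher codes quoted in the thread. An SSLv2-format hello carries each spec
# as 3 bytes; a TLS suite appears there as 0x00 followed by its 2-byte code.
CAMELLIA = {0x000041, 0x000044, 0x000045, 0x000084, 0x000087, 0x000088}

def parse_client_hello(data: bytes) -> dict:
    """Classify the record layer of a ClientHello and list the offered cipher codes."""
    if len(data) >= 11 and data[0] & 0x80 and data[2] == 0x01:
        # SSLv2 record layer: 2-byte length with the high bit set, msg type 1.
        rec_len = ((data[0] & 0x7F) << 8) | data[1]
        major, minor, spec_len, sid_len, chal_len = struct.unpack_from("!BBHHH", data, 3)
        if spec_len % 3 or 9 + spec_len + sid_len + chal_len != rec_len \
                or len(data) < 2 + rec_len:
            raise ValueError("malformed SSLv2-format ClientHello")
        ciphers = [int.from_bytes(data[i:i + 3], "big")
                   for i in range(11, 11 + spec_len, 3)]
        return {"record": "sslv2", "offered": (major, minor), "ciphers": ciphers}
    if len(data) >= 5 and data[0] == 0x16 and data[1] == 0x03:
        # SSLv3/TLS record layer: content type 22 (handshake), version, length.
        body = data[5:5 + struct.unpack_from("!H", data, 3)[0]]
        if len(body) < 39 or body[0] != 0x01:
            raise ValueError("not a ClientHello handshake message")
        pos = 38                    # 4-byte handshake header + version + 32-byte random
        pos += 1 + body[pos]        # skip the session id
        cs_len = int.from_bytes(body[pos:pos + 2], "big")
        if not cs_len or cs_len % 2 or len(body) < pos + 2 + cs_len:
            raise ValueError("truncated cipher suite list")
        ciphers = [int.from_bytes(body[i:i + 2], "big")
                   for i in range(pos + 2, pos + 2 + cs_len, 2)]
        return {"record": "tls", "offered": (body[4], body[5]), "ciphers": ciphers}
    raise ValueError("not a ClientHello")

def camellia_offered(hello: dict) -> list:
    """Return the offered codes that are on the thread's Camellia list."""
    return [c for c in hello["ciphers"] if c in CAMELLIA]

def build_v2_hello(specs, version=(3, 1), challenge=bytes(16)) -> bytes:
    """Constructed sample: SSLv2-format hello that offers a higher protocol version."""
    spec_bytes = b"".join(s.to_bytes(3, "big") for s in specs)
    body = bytes([1, *version]) + struct.pack("!HHH", len(spec_bytes), 0, len(challenge))
    body += spec_bytes + challenge
    return struct.pack("!H", 0x8000 | len(body)) + body

# Constructed input, not the capture attached to the original mail.
SAMPLE = build_v2_hello([0x000044, 0x000087, 0x000045, 0x00002F])

if __name__ == "__main__":
    print(parse_client_hello(SAMPLE), camellia_offered(parse_client_hello(SAMPLE)))
```

Run against the first client bytes of a capture, a result of `"record": "sslv2"` with `"offered": (3, 1)` means the client used the SSLv2 record format while still asking for TLS 1.0.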
