Seems that I dived into the wrong way. I found that the handshake version is different sometimes, so I was investigating the protocol. I should start with the most apparent and simple place from the stack trace. Though it is worth knowing how SSL handshake works :)

It will no longer throw the java.lang.ArrayIndexOutOfBoundsException at org.apache.harmony.xnet.provider.jsse.CipherSuite.getByCode() now. Thank you.

2008/9/7 Tim Ellison <[EMAIL PROTECTED]>:
> Please try again with SVN revision r692675 or later.
>
> Works for me now.
>
> Regards,
> Tim
>
> Suresh Kumar J wrote:
>> Hi
>>
>> I have a web-application which runs on Apache-Tomcat v6.0.13. Am using
>> the Apache Harmony JRE (v6). When I try to launch the application on the
>> latest FireFox v3.0.1 browser, tomcat errors out with the following
>> message in the catalina.out :
>> --------------------------------------------------
>> Aug 29, 2008 2:52:52 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run
>> SEVERE: Socket accept failed
>> Throwable occurred: java.net.SocketException: SSL handshake error
>> javax.net.ssl.SSLException: INTERNAL ERROR
>>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
>>     at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
>>     at java.lang.Thread.run(Thread.java:657)
>> --------------------------------------------------
>>
>> After debugging the issue, it turns out to be that the Apache-Tomcat is
>> not able to handle the full set of cipher suites implemented in the
>> latest FireFox v3.0.1.
>> dhe_dss_camellia_128_sha (0x000044)
>> dhe_dss_camellia_256_sha (0x000087)
>> dhe_rsa_camellia_128_sha (0x000045)
>> dhe_rsa_camellia_256_sha (0x000088)
>> rsa_camellia_128_sha (0x000041)
>> rsa_camellia_256_sha (0x000084)
>>
>> In order to make my web application work with the FireFox browser
>> (v3.0.1), the above mentioned cipher suites need to be "disabled" in the
>> browser via the "about:config" option.
>>
>> * Am having the default lib/security/java.security config of the Harmony
>> JRE.
>> * Below is the snippet of the server.xml config file of the tomcat server:
>> ----------------------------
>> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>>            maxThreads="150" scheme="https" secure="true"
>>            clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12"
>>            keystoreFile="conf/my-key-store" keystorePass="abcd"/>
>> ----------------------------
>>
>> * Why does Tomcat (when used with Harmony JRE) error out if it doesn't
>> understand some of the cipher suites? Instead it should gracefully
>> ignore them.
>>
>> * Have enclosed the packet capture which shows the SSL handshake message
>> from the client (frame$4) and the response from the tomcat server which
>> has the internal error (frame$6).
>>
>> * Here is the bug filed on apache-tomcat which got rejected saying the
>> issue was not actually of Tomcat's and of Harmony JRE.
>> https://issues.apache.org/bugzilla/show_bug.cgi?id=45730
>>
>> * Here was my posting in the firefox-security-dev mailing list:
>> http://www.nabble.com/FireFox-v3.0.1-of-Windows-uses-SSLv2-Record-Layer-even-when-SSLv2-is-disabled-td19239646.html
>>
>> * Here was my posting in the tomcat-user mailing list:
>> http://www.nabble.com/How-to-make-to-Apache-Tomcat-6.0.13-to-support-all-of-SSLv2-SSLv3-and-TLS-protocols-tt19228675.html
>>
>> Any inputs on this issue would be appreciated.
>>
>> Thanks,
>> Suresh
>>
>

--
Best Regards
Sean, Xiao Xia Qiu
China Software Development Lab, IBM
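
The failure mode discussed in this thread, as an added example that is not part of the original messages and is not Harmony's or Tomcat's code: a server-side lookup that indexes a table with a peer-supplied cipher suite code, beside a tolerant lookup that skips codes it does not implement. The class name, both lookup methods and the three-suite table are hypothetical; the offer is constructed from the six Camellia codes in the report, written as the 3-byte cipher specs of an SSLv2-format hello.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class CipherSpecFilter {
    // Constructed, hypothetical server table: only codes 0x0000..0x0039 fit in the array.
    private static final String[] BY_INDEX = new String[0x3A];
    private static final Map<Integer, String> BY_CODE = new HashMap<>();
    static {
        register(0x000A, "SSL_RSA_WITH_3DES_EDE_CBC_SHA");
        register(0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA");
        register(0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA");
    }
    private static void register(int code, String name) {
        BY_INDEX[code] = name;
        BY_CODE.put(code, name);
    }

    // Fragile: indexes the table with a value chosen by the peer, no range check.
    static String fragileLookup(byte lo) {
        return BY_INDEX[lo & 0xFF]; // any code above 0x39 throws ArrayIndexOutOfBoundsException
    }

    // Tolerant: an unknown code yields null so the caller can skip it.
    static String lookup(byte hi, byte lo) {
        return BY_CODE.get(((hi & 0xFF) << 8) | (lo & 0xFF));
    }

    // Walks the 3-byte cipher specs and keeps only suites the server implements.
    static List<String> usableSuites(byte[] specs) {
        List<String> usable = new ArrayList<>();
        for (int i = 0; i + 3 <= specs.length; i += 3) {
            if (specs[i] != 0) continue;        // non-zero first byte: SSLv2-only cipher kind
            String name = lookup(specs[i + 1], specs[i + 2]);
            if (name != null) usable.add(name); // ignore what is not implemented
        }
        return usable;
    }

    public static void main(String[] args) {
        // Constructed offer: the six Camellia codes from the report, then two known suites.
        byte[] offer = {
            0, 0, (byte) 0x88,  0, 0, (byte) 0x87,  0, 0, 0x45,  0, 0, 0x44,
            0, 0, (byte) 0x84,  0, 0, 0x41,  0, 0, 0x2F,  0, 0, 0x0A };
        System.out.println(usableSuites(offer));
        try {
            fragileLookup(offer[2]);
        } catch (ArrayIndexOutOfBoundsException e) {
            System.out.println("fragile lookup failed: " + e);
        }
    }
}
```

With the tolerant lookup the handshake can proceed on a suite both sides share, while the fragile one turns an unfamiliar but legitimate offer into a failed connection.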
