Suresh Kumar J wrote: > Thanks Tim!. > Is the r692675 out?. Am not seeing it under > http://people.apache.org/builds/harmony/snapshots/
No, those have had some sniff tests performed -- I released my changes straight into head. Please try with the latest code in the repository. Regards, Tim > Tim Ellison wrote: >> Please try again with SVN revision r692675 or later. >> >> Works for me now. >> >> Regards, >> Tim >> >> Suresh Kumar J wrote: >> >>> Hi >>> >>> I have a web-application which runs on Apache-Tomcat v6.0.13. Am using >>> theApache Harmony JRE(v6). When I try to launch the application on the >>> latest FireFox v3.0.1 browser, tomcat errors out with the following >>> message in the catalina.out : >>> -------------------------------------------------- >>> Aug 29, 2008 2:52:52 PM >>> org.apache.tomcat.util.net.JIoEndpoint$Acceptor run >>> SEVERE: Socket accept failed >>> Throwable occurred: java.net.SocketException: SSL handshake error >>> javax.net.ssl.SSLException: INTERNAL ERROR >>> at >>> org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150) >>> >>> >>> at >>> org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310) >>> >>> at java.lang.Thread.run(Thread.java:657) >>> -------------------------------------------------- >>> >>> After debugging the issue, it turns out to be that the Apache-Tomcat is >>> not able to handle the full set of cipher suites implemented in the >>> latest FireFox v3.0.1. >>> dhe_dss_camellia_128_sha (0x000044) >>> dhe_dss_camellia_256_sha (0x000087) >>> dhe_rsa_camellia_128_sha (0x000045) >>> dhe_rsa_camellia_256_sha (0x000088) >>> rsa_camellia_128_sha (0x000041) >>> rsa_camellia_256_sha (0x000084) >>> >>> In order to make my web application to work with FireFox browser >>> v3.0.1), the above mentioned cipher suites needs to be "disabled" in the >>> browser via the "about:config" option. >>> >>> * Am having the default lib/security/java.security config of the Harmony >>> JRE. >>> * Below is the snippet of the server.xml config file of the tomcat >>> server: >>> ---------------------------- >>> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" >>> maxThreads="150" scheme="https" secure="true" >>> clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12" >>> keystoreFile="conf/my-key-store" keystorePass="abcd"/> >>> ---------------------------- >>> >>> * Why does Tomcat(when used with Harmony JRE) errors out if it doesn't >>> understand the some of the cipher suite. Instead it should gracefully >>> ignore them. >>> >>> * Have enclosed the packet capture which shows the SSL handshake message >>> from the client(frame$4) and the response from the tomcat server which >>> has the internal error(frame$6). >>> >>> * Here is the bug filed no apache-tomcat which got rejected saying the >>> issue was not actually of Tomcat's and of Harmony JRE. >>> https://issues.apache.org/bugzilla/show_bug.cgi?id=45730 >>> >>> * Here was my posting in the firefox-security-dev mailing list: >>> http://www.nabble.com/FireFox-v3.0.1-of-Windows-uses-SSLv2-Record-Layer-even-when-SSLv2-is-disabled-td19239646.html >>> >>> >>> >>> * Here was my posting in the tomcat-user mailing list: >>> http://www.nabble.com/How-to-make-to-Apache-Tomcat-6.0.13-to-support-all-of-SSLv2-SSLv3-and-TLS-protocols-tt19228675.html >>> >>> >>> >>> Any inputs on this issue would be appreciated. >>> >>> Thanks, >>> Suresh >>> >>> >
