Does this issue depend on Firefox version? (which version you are using?) Is it reproducible on different client PCs running the same Firefox version? Maybe different Firefox settings? Is TLS protocol enabled in Firefox (usually it is)?
>From description, this issue is not dependent on your application. Can you reproduce it with default applications that Tomcat comes with, on latest Tomcat 5.5.28 or 6.0.20, even if you cannot run your application on that versions? Is it reproducible with self-signed certificates? Is it reproducible on other operating systems? The set of ciphers in JDK 1.5 and JDK 1.6 might be different. That is, the browser and the server might not agree on what cipher to use. (though why there is the "internal_error" alert ?) Best regards, Konstantin Kolinko 2009/10/2 Nada O'Neal <nco2...@columbia.edu>: > Hey everyone - > > I'm stuck on Tomcat 5.5.26 to support a specific application. This is a > Solaris 9 server with no Apache - tomcat is handling its own webserving. > We're hoping to upgrade the JDK. I can use JDK-1.5.0_21 successfully. When I > start tomcat with JDK-1.6.0_16, I get one specific issue... > > Firefox, but not Safari or IE, will report on https connections: > > Secure Connection Error > An error occurred during a connection to mysite.com:8443. > Peer reports it experienced an internal error. > (Error code: ssl_error_internal_error_alert) > > Weirdly, there is no error in any error log when this happens. > > I think this might be a configuration error on my part. Here's our SSL conf > stanza: > > <Connector port="8443" maxHttpHeaderSize="8192" > maxThreads="150" minSpareThreads="25" maxSpareThreads="75" > enableLookups="false" disableUploadTimeout="true" > acceptCount="100" scheme="https" secure="true" > clientAuth="false" sslProtocol="TLS" > keystoreFile="/path/to/my/keystore" > keystorePass="somePass" /> > > ... I notice that in other people's configs, they have a specific reference > to a TrustStore. I have the CA certs imported into the keystore, though, and > I'm using this config on other servers, with other versions of tomcat, other > versions of the JDK, etc. (However, those are all linux servers.) I'm > especially suspicious about this possibility because lately there have been > other Firefox https bugs (like the Flash uploader bug) that ultimately have > to do with verifying the certificate authority. Adding in a truststore > doesn't seem to help, but maybe i r doin it wrong. > > Thanks for any references or wild speculation you can provide. > > - Nada > > (p.s. if you're curious about the Flash uploader bug, see e.g.: > http://bugs.adobe.com/jira/browse/FP-201 > http://bugs.adobe.com/jira/browse/FP-226 > https://bugs.adobe.com/jira/browse/SDK-13196 > http://swfupload.org/forum/generaldiscussion/347 ) > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
