2012/4/10 Gregor S. <rc4...@googlemail.com>:
> Hi guys,
>
> I know, it's actually not a Tomcat-problem, but I was wondering if one
> of those gurus hanging around in this mailing-list could give me a hint
> on how to handle this problem.
>
> As some of you might be aware, Firefox (from version 9.x on) cannot
> handle TLS-records which are served from a server if they are split
> into multiple parts.
>
> This behaviour is documented here:
> https://bugzilla.mozilla.org/show_bug.cgi?id=702111
>
> Since some of our clients are using Firefox, I just can't lean back
> and tell them "well, that's a Firefox-bug, get a decent browser" -
> unfortunately.
>
> We are using Apache Tomcat 6.0.24 on Scientific Linux release 6.2
> (Carbon), Tomcat is running as a daemon via jsvc, and Tomcat is using
> the Apache Portable Runtime (APR).
>
> I went through all docs I could find on the net, hoping there was
> some screw I could turn to switch off TLS record splitting on the
> server side, but I couldn't find anything.
>
> Our scenario is as follows:
>
> - SSL connection
> - user is prompted for ID / password via FormLogin (j_security_check)
>
> And then we get the message
>
> "The connection was reset"
> "The connection to the server was reset while the page was loading."
>
> Does any of you guys have an idea, if there is any Tomcat
> configuration-parameter I could try to overcome this behaviour?
>
> IE and Chrome (both, all versions) are working like a charm.
>

1. Reading [1], especially Comment 7, it does not look like a browser problem. It says it is because the browser is not sending all data in one big packet, but is sending some small portion first. Am I missing something?

2. Comment 37 shows some web application coding patterns that lead to observing this error. Does this happen with some specific web application / some specific pages? (So there is some specific error there), or do "standard" applications fail as well?

3. I think you should consider updating to a more recent version of Tomcat 6, as well as of Tomcat-Native and OpenSSL (and maybe APR as well). See
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-native.html

BTW, that issue [1] and ms12-006 referenced in it [2] discuss TLS 1.1 and 1.2.

[2] http://technet.microsoft.com/en-us/security/bulletin/ms12-006

Best regards,
Konstantin Kolinko