> Date: Thu, 19 Dec 2013 15:41:13 -0500
> From: ch...@christopherschultz.net
> To: users@tomcat.apache.org
> Subject: Re: ssl_error_internal_error_alert in tomcat 7
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Jaya,
>
> On 12/19/13, 2:54 PM, jaya ravindran wrote:
> > I am getting SSL error in firefox when connecting to tomcat
> > server. Apache Tomcat Version 7.0.22 using JSSE configuration
>
> You should really upgrade from your 2-year-old version. Tomcat 7 is on
> version 7.0.47 these days. It's possible something has been fixed.
>
> > java version "1.6.0_41" using 64 bit . IE and Chrome works fine
> > although I can see the following message in Chrome . The connection
> > users SSL 3.0 When I edit firefox and set
> > security.tls.version.max=0, I can get connection. My ssl config is
> > below.
MG>security.tls.version.min = 0 (SSL 3.0);
>
> Do you have any non-default setting for security.enable_ssl3 or
> security.enable_tls?
>
> > Can anyone suggest some possible reasons for this error?
> >
> > <Connector port="8443"
> > protocol="org.apache.coyote.http11.Http11Protocol"
> > SSLEnabled="true" scheme="https" secure="true" clientAuth="false"
> > sslProtocol="TLS" keystoreFile="my.keystore"
MG>sslProtocol="SSLv3"
> > keystorePass="acdfv123" truststoreFile="my.keystore"
> > truststorePass="acdfv123" connectionTimeout="20000"
> > redirectPort="18443" maxThreads="150" maxSpareThreads="75"
> > enableLookups="false" acceptCount="100"
> > disableUploadTimeout="true" URIEncoding="UTF-8" server="Apache" />
>
> Can you try using OpenSSL's s_client with various options (for TLS
> protocol) to see which ones do and do not work?
>
> - -chris
MG>https://support.mozilla.org/en-US/questions/963325
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.15 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJSs1nnAAoJEBzwKT+lPKRYjaUP/2wwh/XACKSsPtFViWxz+78m
> aXOos8dB60Sx8czBsFfDsIzFfBdvCOEzmLl5ZlOUi7EyV8F+qwh6mG/x73vUIdrb
> LcLQlrYUJaDg8XXHMSRa5icATBE3sZQVITgDUUkF1dp0uyUoQmE/HLnZ3HZfIOA3
> UQbHb/f7N5CHpb9LQ82YUlSRZ6v+feqsBEg0BPg4tf1x9eHEcf6xPUu6sCdzcdXC
> 01cpS2/5v8hyo2QmeG6shM+JBJoFAFKLisJrhVuSmFUMWLxqt9MykGlvkf/sfZIQ
> klSuCbQ74dxYS5OhcP3ipqD3nb7t3C93qRSZBqSGI8PZtWntwEZqTrR+obTxB3CZ
> H/nzKCupV+9s1NrHNO8q6fQ0UCrPCucwJS6WM9nIEczu5miMxpdb+mj8Qmj6dpYn
> 3b4IeLn4qfAk9FNGHuiiL4y87uMkR2+617+2L3VI2f/N/E2Y4bf0zeb7Du5UhuGn
> FxXLRjaNDIPj1yeJHqz7DiuArSv9eZwG1xWAWfBQIVwux+Vm4OCgjph52vGYp2n1
> Y7Iht9/xb1qVxw1KUVeU+qevTszBYnf9V2UM6LPxBzZQwuBkXhZwOYIdRPC/CVn6
> +U4+xf2/3IDpale2eO/453+0f2Zy7aApPKXPvgoAcy68jYBbxuSpL0gEQk1BIGhV
> y94bWDTJiTu9AIy0tiyj
> =KaW9
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
