We are having a problem with our Standalone tomcat Server SSL Connectors
and viewing servlets in Internet Explorer 7on Windows Vista.
With the original config in the server.xml and SSLProtocol set to "SSL"
It works fine on IE6, and IE7 on XP. It does not work on IE7 on Windows
Vista.
When the protocol is set to TLS, it works in IE7 on Vista, but not IE6.
You can get around this by in IE7 turning off the "Use TLS 1.0" option
on IE, or turning this option on in IE6. We do not feel this workaround
is sufficient for our needs.
We want a way to not have to make these changes. I seriously think it
has to do with the Java we are using because of what I have seen in the
Tomcat docs.
"The encryption/decryption protocol to be used on this socket. It is not
recommended to change this value if you are using Sun's JVM. It is
reported that IBM's 1.4.1 implementation of the TLS protocol is not
compatible with some popular browsers. In this case, use the value SSL."
We are using IBM Java 1.5.0
java version "1.5.0"
Java(TM) 2 Runtime Environment, Standard Edition (build
pxi32dev-20060511 (SR2))
IBM J9 VM (build 2.3, J2RE 1.5.0 IBM J9 2.3 Linux x86-32
j9vmxi3223-20060504 (JIT enabled)
J9VM - 20060501_06428_lHdSMR
JIT - 20060428_1800_r8
GC - 20060501_AA)
JCL - 20060511a
And Tomcat 5.5.20
Here is the Server.xml for the connector
<Connector address="XXX.XX.XXX.XX" port="443"
maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="SSL"
keystoreFile="/usr/local/bin/ice/sslcerts/.keystore"
keystorePass="changeme" algorithm="IbmX509" />
Would we be able to fix this problem, by going Sun Java and redoing
keystores and certificates? Would this allow the TLS Protocol to work
for all browsers?
Thanks in advance for the help!
