Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

ssl_error_internal_error_alert error in firefox when connecting to an internal website with self signed certificate.

  • 9 replies
  • 83 have this problem
  • 13 views
  • Last reply by ravinja

more options

Firefox 26.0 . The website is running on tomcat 7 server . Using java key store .java version "1.6.0_29" Can test the site with openssl s_client and response seem ok.

SSL handshake has read 2335 bytes and written 303 bytes --- New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA Server public key is 4096 bit Secure Renegotiation IS supported SSL-Session:

   Protocol  : TLSv1
   Cipher    : EDH-RSA-DES-CBC3-SHA
   Session-ID: 52B896D8E3B7D0B1A03C5D2E5FF8B594D6AA74E94CB193E24685A041C5BEBF3A
   Session-ID-ctx: 
   Master-Key: 1063AB71B3389D139FD7DD490FE3DF2188FA24B5E090390D2A899B32E2895B1D7A093590BE8D6FCDEFD22ACF10D94544
   Key-Arg   : None
   Start Time: 1387828953
   Timeout   : 300 (sec)
   Verify return code: 18 (self signed certificate)

--- closed

All Replies (9)

more options

Hello,

Can you please confirm what the issue is? Are you not able to setup a SSL connection to the internal website running on Tomcat. If so, have you tried installing the root CA certificate into Firefox? You can do that by going to Firefox -> Preferences -> Advanced -> View Certificates -> Certificate Authorities and then importing the root CA certificate.

Please check this and let us know if this helps in resolving the connectivity issue. Though, I am a bit surprised that the connection is not getting established. Typically, Firefox would warn you if you would like to continue with the connection. Are you not seeing this warning?

Thank you

more options

Note that it is possible that you have previously stored an exception for this or another certificate that is now causing problems.

Did you check that in the Certificate Manager?

  • Tools > Options > Advanced > Certificates/Encryption: View Certificates

Modified by cor-el

more options

I deleted all certificates. Still no change. I am able to open the site when I do the following setting in firefox. security.tls.version.max=0.

But I cannot do this change for all my users. So this solution is not good.

more options

Hello,

Can you please confirm the TLS version you are using to connect to the web-server. As per this tls.version.max article, knowing the server's supported version will be helpful. And also, if setting up security.tls.version.max=0 works, then it would mean that the web-server is supporting SSL V3.0 and not anything else, is it?

Can you please confirm what happens if you set security.tls.version.max=1 and security.tls.version.min=0.

Thank you

more options

security.tls.version.max=1 and security.tls.version.min=0 is my default setting and I get (Error code: ssl_error_internal_error_alert) on firefox with that. I can get SSL 3.0 and TLS 1.0 connection to the server by using openssl s_client. By default the server uses TLS 1.0 as mentioned in the test result in my first post. But for some reason , it's not able to establish TLS 1.0 connection with browser.

more options

Did you also try the value of 1 for both the min and max value to force TLS 1.0 to see what happens in that case?

  • security.tls.version.max=1
  • security.tls.version.min=1

You can also try to set security.enable_tls_session_tickets to false.

more options

Tried all options suggested by cor-el . The result was the same (Error code: ssl_error_internal_error_alert)

more options

Hi ravinja,

Thank you for contacting suppot. Happy New Year. I did a little research on the error message you are receiving and it looks like there may be an issue with the Tomcat configuration? Does your version support TSL 1.0? Or are you using OpenJDK on the server instead of Oracle's JRE?  : https://support.mozilla.org/en-US/que.../750946

Let us know if this helps, we can investigate other options as well.

more options

guigs2,

Happy New Year. My server support TSL 1.0. I am using Oracle JRE.

There are no error logs in server side as well.