ssl_error_internal_error_alert error in Firefox when connecting to an internal website with a self-signed certificate.
Firefox 26.0. The website is running on a Tomcat 7 server, using a Java key store. Java version "1.6.0_29". Can test the site with openssl s_client and the response seems OK.
SSL handshake has read 2335 bytes and written 303 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 4096 bit
Secure Renegotiation IS supported
SSL-Session:
    Protocol : TLSv1
    Cipher : EDH-RSA-DES-CBC3-SHA
    Session-ID: 52B896D8E3B7D0B1A03C5D2E5FF8B594D6AA74E94CB193E24685A041C5BEBF3A
    Session-ID-ctx:
    Master-Key: 1063AB71B3389D139FD7DD490FE3DF2188FA24B5E090390D2A899B32E2895B1D7A093590BE8D6FCDEFD22ACF10D94544
    Key-Arg : None
    Start Time: 1387828953
    Timeout : 300 (sec)
    Verify return code: 18 (self signed certificate)
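Added example, not part of the original post: a small parser that pulls the negotiated protocol, cipher, key size and verify code out of an `openssl s_client` summary like the one above, so the same fields can be compared across test runs. The sample text is constructed from the post (session ID and master key omitted), and the legacy-protocol and weak-cipher lists are assumptions of this example.

```python
import re

# Constructed sample modelled on the s_client summary quoted in the post.
SAMPLE = """\
SSL handshake has read 2335 bytes and written 303 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 4096 bit
Secure Renegotiation IS supported
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EDH-RSA-DES-CBC3-SHA
    Verify return code: 18 (self signed certificate)
"""

FIELDS = {
    "protocol": re.compile(r"^[ \t]*Protocol[ \t]*:[ \t]*(\S+)", re.M),
    "cipher": re.compile(r"^[ \t]*Cipher[ \t]*:[ \t]*(\S+)", re.M),
    "key_bits": re.compile(r"^Server public key is (\d+) bit", re.M),
    "verify_code": re.compile(r"^[ \t]*Verify return code:[ \t]*(\d+)", re.M),
    "verify_text": re.compile(r"^[ \t]*Verify return code:[ \t]*\d+[ \t]*\((.*)\)", re.M),
}
# Assumed policy lists for this example; adjust to local policy.
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_TOKENS = ("NULL", "EXP", "RC4", "DES", "MD5")

def parse_s_client(text):
    """Return the session summary fields as a dict (None when absent)."""
    out = {}
    for name, rx in FIELDS.items():
        m = rx.search(text)
        out[name] = m.group(1) if m else None
    for key in ("key_bits", "verify_code"):
        if out[key] is not None:
            out[key] = int(out[key])
    return out

def findings(summary):
    """List the points a reviewer would want to see for this session."""
    notes = []
    if summary["protocol"] in LEGACY_PROTOCOLS:
        notes.append("legacy protocol: " + summary["protocol"])
    parts = (summary["cipher"] or "").split("-")
    notes += ["weak cipher component: " + t for t in WEAK_CIPHER_TOKENS if t in parts]
    if summary["verify_code"] not in (0, None):
        notes.append("certificate not verified: %d (%s)"
                     % (summary["verify_code"], summary["verify_text"]))
    return notes

if __name__ == "__main__":
    print(parse_s_client(SAMPLE), findings(parse_s_client(SAMPLE)), sep="\n")
```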
All Replies (9)
Can you please confirm what the issue is? Are you not able to set up an SSL connection to the internal website running on Tomcat? If so, have you tried installing the root CA certificate into Firefox? You can do that by going to Firefox -> Preferences -> Advanced -> View Certificates -> Certificate Authorities and then importing the root CA certificate.
Please check this and let us know if this helps in resolving the connectivity issue. Though, I am a bit surprised that the connection is not getting established. Typically, Firefox would warn you if you would like to continue with the connection. Are you not seeing this warning?
Note that it is possible that you have previously stored an exception for this or another certificate that is now causing problems.
Did you check that in the Certificate Manager?
- Tools > Options > Advanced > Certificates/Encryption: View Certificates
Modified by cor-el
I deleted all certificates. Still no change. I am able to open the site when I do the following setting in Firefox: security.tls.version.max=0.
But I cannot do this change for all my users. So this solution is not good.
Can you please confirm the TLS version you are using to connect to the web-server? As per this tls.version.max article, knowing the server's supported version will be helpful. And also, if setting up security.tls.version.max=0 works, then it would mean that the web-server is supporting SSL V3.0 and not anything else, is it?
Can you please confirm what happens if you set security.tls.version.max=1 and security.tls.version.min=0?
security.tls.version.max=1 and security.tls.version.min=0 is my default setting and I get (Error code: ssl_error_internal_error_alert) on Firefox with that. I can get SSL 3.0 and TLS 1.0 connections to the server by using openssl s_client. By default the server uses TLS 1.0 as mentioned in the test result in my first post. But for some reason, it's not able to establish a TLS 1.0 connection with the browser.
Did you also try the value of 1 for both the min and max value to force TLS 1.0 to see what happens in that case?
You can also try to set security.enable_tls_session_tickets to false.
Tried all options suggested by cor-el. The result was the same (Error code: ssl_error_internal_error_alert).
Thank you for contacting support. Happy New Year. I did a little research on the error message you are receiving and it looks like there may be an issue with the Tomcat configuration? Does your version support TLS 1.0? Or are you using OpenJDK on the server instead of Oracle's JRE? : https://support.mozilla.org/en-US/que.../750946
Let us know if this helps, we can investigate other options as well.
Happy New Year. My server supports TLS 1.0. I am using Oracle JRE.
There are no error logs on the server side as well.