SSL: Peer reports it experienced an internal error.; what does this error really mean?
I have an internal site with the following basic setup:
Apache Tomcat 2.0.29 Running Hudson
Tomcat is configured to allow HTTPS connections from internal users. The certificate used is signed by my own CA. It is important to note that the certificate is a wildcard cert, so any host at my domain will match.
I am trying to access this site using both Firefox 3.6.7 and Chrome 6.x. Both browsers are configured to trust any certificate signed by my CA.
If Tomcat is running without Hudson deployed, then the site works fine over SSL in both Firefox and Chrome. Once Hudson is deployed to the site, then Firefox starts to display the following error:
--- Secure Connection Failed An error occurred during a connection to site.example.com:8443.
Peer reports it experienced an internal error.
(Error code: ssl_error_internal_error_alert) ---
Chrome does not display such and error and the site is still fully functional.
Its interesting to note, that this same setup (Tomcat configuration) can be used with other applications and Firefox works fine. Some examples are JIRA, Artifactory, etc. Its only Hudson that triggers this issue. Chrome 6.x works in a cases.
Can someone explain what the error message above means? Is it possible there is a configuration error that Chrome is ignoring? Or is it more likely Hudson is doing something that is triggering a bug in Firefox?
I would guess this is not a common problem as I was unable to find the error message above on the support.mozilla.com site.
The site I'm using is internal, but if needed, I can setup an instance in the same configuration that is externally available.
Wšě wotmołwy (3)
More information. I noticed a message in Chrome that stated TLS was not used and that the connection was using SSLv3.
Based on this information, under 'Advanced -> Encryption', I unchecked 'Use TLS 1.0'.
After making this change, I was able to use Firefox to browse the site just fine (using SSL 3.0).
I encountered this, too. It seems Tomcat 7 doesn't support TLS 1.0 anymore, but only TLS 1.1 and 1.2. Firefox, on the other hand, only supports TLS 1.0. When "Use TLS 1.0" is enabled, Firefox throws the "ssl_error_internal_error_alert". Firefox could fall back on SSL 3.0, which is also supported by Tomcat, instead of throwing the error.
The ideal solution would be for Firefox to support TLS 1.1/1.2.
In Tomcat, changing the protocol for the connector (in server.xml) from sslProtocol="TLS" to sslProtocol="SSLv3" seems to have no effect.
Wot erikcederstrand
I finally tracked this down. I was using OpenJDK on the server instead of Oracle's JRE. When I switched back to Oracle, Firefox started behaving again. Apparently, OpenJDK's SSL implementation is sub-optimal.
If you really want to use OpenJDK with SSL, it's possible that installing an improved crypto API from http://www.bouncycastle.org/java.html will help. I haven't tested this yet.