為了改善您的使用體驗,本網站正在進行維護,部分功能暫時無法使用。若本站的文件無法解決您的問題,想要向社群發問的話,請到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 發問,我們的社群成員將很快會回覆您的疑問。

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

ssl_error_internal_error_alert error in firefox when connecting to an internal website with self signed certificate.

  • 9 回覆
  • 83 有這個問題
  • 1 次檢視
  • 最近回覆由 ravinja

more options

Firefox 26.0 . The website is running on tomcat 7 server . Using java key store .java version "1.6.0_29" Can test the site with openssl s_client and response seem ok.

SSL handshake has read 2335 bytes and written 303 bytes --- New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA Server public key is 4096 bit Secure Renegotiation IS supported SSL-Session:

   Protocol  : TLSv1
   Cipher    : EDH-RSA-DES-CBC3-SHA
   Session-ID: 52B896D8E3B7D0B1A03C5D2E5FF8B594D6AA74E94CB193E24685A041C5BEBF3A
   Session-ID-ctx: 
   Master-Key: 1063AB71B3389D139FD7DD490FE3DF2188FA24B5E090390D2A899B32E2895B1D7A093590BE8D6FCDEFD22ACF10D94544
   Key-Arg   : None
   Start Time: 1387828953
   Timeout   : 300 (sec)
   Verify return code: 18 (self signed certificate)

--- closed

Firefox 26.0 . The website is running on tomcat 7 server . Using java key store .java version "1.6.0_29" Can test the site with openssl s_client and response seem ok. SSL handshake has read 2335 bytes and written 303 bytes --- New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA Server public key is 4096 bit Secure Renegotiation IS supported SSL-Session: Protocol : TLSv1 Cipher : EDH-RSA-DES-CBC3-SHA Session-ID: 52B896D8E3B7D0B1A03C5D2E5FF8B594D6AA74E94CB193E24685A041C5BEBF3A Session-ID-ctx: Master-Key: 1063AB71B3389D139FD7DD490FE3DF2188FA24B5E090390D2A899B32E2895B1D7A093590BE8D6FCDEFD22ACF10D94544 Key-Arg : None Start Time: 1387828953 Timeout : 300 (sec) Verify return code: 18 (self signed certificate) --- closed

所有回覆 (9)

more options

Hello,

Can you please confirm what the issue is? Are you not able to setup a SSL connection to the internal website running on Tomcat. If so, have you tried installing the root CA certificate into Firefox? You can do that by going to Firefox -> Preferences -> Advanced -> View Certificates -> Certificate Authorities and then importing the root CA certificate.

Please check this and let us know if this helps in resolving the connectivity issue. Though, I am a bit surprised that the connection is not getting established. Typically, Firefox would warn you if you would like to continue with the connection. Are you not seeing this warning?

Thank you

more options

Note that it is possible that you have previously stored an exception for this or another certificate that is now causing problems.

Did you check that in the Certificate Manager?

  • Tools > Options > Advanced > Certificates/Encryption: View Certificates

由 cor-el 於 修改

more options

I deleted all certificates. Still no change. I am able to open the site when I do the following setting in firefox. security.tls.version.max=0.

But I cannot do this change for all my users. So this solution is not good.

more options

Hello,

Can you please confirm the TLS version you are using to connect to the web-server. As per this tls.version.max article, knowing the server's supported version will be helpful. And also, if setting up security.tls.version.max=0 works, then it would mean that the web-server is supporting SSL V3.0 and not anything else, is it?

Can you please confirm what happens if you set security.tls.version.max=1 and security.tls.version.min=0.

Thank you

more options

security.tls.version.max=1 and security.tls.version.min=0 is my default setting and I get (Error code: ssl_error_internal_error_alert) on firefox with that. I can get SSL 3.0 and TLS 1.0 connection to the server by using openssl s_client. By default the server uses TLS 1.0 as mentioned in the test result in my first post. But for some reason , it's not able to establish TLS 1.0 connection with browser.

more options

Did you also try the value of 1 for both the min and max value to force TLS 1.0 to see what happens in that case?

  • security.tls.version.max=1
  • security.tls.version.min=1

You can also try to set security.enable_tls_session_tickets to false.

more options

Tried all options suggested by cor-el . The result was the same (Error code: ssl_error_internal_error_alert)

more options

Hi ravinja,

Thank you for contacting suppot. Happy New Year. I did a little research on the error message you are receiving and it looks like there may be an issue with the Tomcat configuration? Does your version support TSL 1.0? Or are you using OpenJDK on the server instead of Oracle's JRE?  : https://support.mozilla.org/en-US/que.../750946

Let us know if this helps, we can investigate other options as well.

more options

guigs2,

Happy New Year. My server support TSL 1.0. I am using Oracle JRE.

There are no error logs in server side as well.