Hi,
I thought it would be interesting to share this information with the list.
I encountered an error (ssl_error_internal_error_alert) in Firefox when surfing to my Tomcat 6 webserver through https (on which I installed an IdP).
The error wasn’t occurring in IE and Chrome.
After increasing my Tomcat logs to DEBUG, I found out that the problem was lying with Bouncy Castle.
The logs state:
16:19:43,105 [http-443-1] DEBUG Handshake failed - org.apache.tomcat.util.net.JIoEndpoint [20091112]
javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:160)
at org.apache.tomcat.util.net.JIoEndpoint.setSocketOptions(JIoEndpoint.java:639)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.RuntimeException: Could not generate DH keypair
at com.sun.net.ssl.internal.ssl.ECDHCrypt.<init>(Unknown Source)
at com.sun.net.ssl.internal.ssl.ServerHandshaker.setupEphemeralECDHKeys(Unknown Source)
at com.sun.net.ssl.internal.ssl.ServerHandshaker.trySetCipherSuite(Unknown Source)
at com.sun.net.ssl.internal.ssl.ServerHandshaker.chooseCipherSuite(Unknown Source)
at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientHello(Unknown Source)
at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
... 6 more
Caused by: java.security.InvalidAlgorithmParameterException: unknown curve name: 1.2.840.10045.3.1.7
at org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$EC.initialize(Unknown Source)
... 16 more
I was using bcprov-jdk16-143.jar.
Upgrading to bcprov-jdk16-144.jar solved the problem.
I was using Firefox for Ubuntu 3.0.15.
-Bart Ophelders
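Added diagnostic (not code from the original post): this Java snippet mirrors the call that fails in the trace above. It asks every installed provider that offers EC key generation to initialize a key pair for the curve named by its OID, 1.2.840.10045.3.1.7 (secp256r1), which is how the JSSE handshaker requests the ECDHE curve, so a provider that only knows the curve by name reports the same InvalidAlgorithmParameterException. It assumes only the standard JDK; register the Bouncy Castle provider under test first (or run with the same Tomcat classpath) to see which provider answers first.

```java
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;

public class EcCurveProviderCheck {

    // OID taken from the "unknown curve name" message in the Tomcat log.
    static final String SECP256R1_OID = "1.2.840.10045.3.1.7";

    /** Returns true if the provider can generate an EC key pair for the curve given by OID. */
    static boolean canGenerate(Provider p, String curveOid) {
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", p);
            // JSSE passes the curve OID as the ECGenParameterSpec name.
            kpg.initialize(new ECGenParameterSpec(curveOid));
            kpg.generateKeyPair();
            return true;
        } catch (InvalidAlgorithmParameterException e) {
            // Same failure path as "Could not generate DH keypair" in the post.
            System.out.println("  " + p.getName() + ": " + e.getMessage());
            return false;
        } catch (GeneralSecurityException e) {
            System.out.println("  " + p.getName() + ": " + e);
            return false;
        }
    }

    public static void main(String[] args) {
        // Providers come back in preference order; the first one offering
        // KeyPairGenerator.EC is the one JSSE will use for the handshake.
        Provider[] ecProviders = Security.getProviders("KeyPairGenerator.EC");
        if (ecProviders == null) {
            System.out.println("No installed provider offers KeyPairGenerator.EC");
            return;
        }
        System.out.println("EC key generation for curve " + SECP256R1_OID + ":");
        for (Provider p : ecProviders) {
            boolean ok = canGenerate(p, SECP256R1_OID);
            System.out.println("  " + p.getName() + " -> " + (ok ? "OK" : "FAILS"));
        }
    }
}
```

If the first provider listed fails while a later one succeeds, the TLS handshake for ECDHE suites will fail just as in the log, and upgrading or reordering that provider is the fix to verify.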