tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Filip Sergeys tc" <fsergeys...@verzekeringen.be>
Subject F.Y.I HTTP spoken on HTTPS port; PROBLEM and SOLUTION
Date Mon, 21 Oct 2002 08:57:27 GMT
Hi,

Maybe somebody in the near or distant future will hit the same problem.
I hope this can help you avoiding it.

Error "HTTP spoken on HTTPS port" using apache 1.3.26 with mod_ssl,
mod_jk1.2 and tomcat 4.1.12.

Error Description:
Requesting certain jsp pages via https gave us an error page back saying
we are trying to talk plain HTTP to a HTTPS server, while other pages
where served perfectly.
After long searching throug the access_logs and  ssl_engine_logs we
found that this caused the error: "sendRedirect"
Those pages that gave the error use "sendRedirect" in their code (we use
it to let one jsp page take the request and let another jsp page do the
respons).

What does sendRedirect do?
sendRedirect launches a new HTTP request, and this request goes via
apache again(you can see it in the apache access_log). However this
request is in plain HTTP while the apache server is expecting HTTPS
request(see details below). This is, I presume, causing the error. If
somebody know the gory detail to this... I'm interested

In detail
(see access_log and ssl_engine_log)
Browser requests secure connection, handshake is successfull
Browser sends GET request to apache server for pageX.jsp over HTTPS
Apache decrypts and forwards request to tomcat using  mod_jk
Tomcat processes page and does sendRedirect.
New HTTP request is send to apache (while apache is still in HTTPS
session)
Try to do handshake again, fails. HTTP spoken on HTTPS port.
Error page is send back to browser.

Solution description
Replacing sendRedirect with request.forward function. This seems to keep
the forwarding inside of tomcat.

Remaining question
What to do in situation where you can't use request.forward. According
to the documention it should be possible to provide tomcat with the
details of the https connection.
In the mod_jk.conf file their are directives like :
JkExtractSSL On
JkHTTPSIndicator HTTPS
JkSESSIONIndicator SSL_SESSION_ID
JkCIPHERIndicator SSL_CIPHER
JkCERTSIndicator SSL_CLIENT_CERT

But we did not find any way to fetch this information in tomcat. if I
knew for example that the connection was https, may be then it is
possible to do a sendRedirect with https?
Suggestions on this ?


Hope this was valuable information.

Sincerely

Filip.



Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message