tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Browsers suddenly start timing out when accessing port 80 of secure site
Date Tue, 24 Jun 2014 12:42:24 GMT
Hash: SHA256


On 6/23/14, 2:30 PM, Bruce Lombardi wrote:
> Moving the SSL port from 8443 to 443 has solved the problem. It 
> appears that when the url is entered, Firefox 
> remembers that this is an SSL site and automatically add the "s"
> to get https. In fact after the timeout the url line in the
> browser shows Obviously, this is
> defaulting to the standard SSL port (443), which does not work if
> 8443 is used. Moving the port to 443 solved the problem.
> If you read about setting up Tomcat, the default SSL port is 8443. 
> Maybe this is done for testing, but it never seems to be explained 
> that there might be problems with 8443.

I have never experienced the behavior you describe. Certain clients do
cache responses from servers, so it's possible that you had a bad setup
at some point that redirected :80 -> :443 and then Firefox wouldn't
forget that response and change to :8443.

The :8443 default configuration makes sense because :443 is often used
by web servers like Apache httpd, MS IIS, etc. and we don't want to a)
interfere with them or b) cause Tomcat to fail to start.

I don't believe there are any problems with using port 8443 for SSL.

- -chris

> -----Original Message----- From: Christopher Schultz 
> [] Sent: Friday, June 20, 2014 
> 10:51 AM To: Tomcat Users List Subject: Re: Browsers suddenly
> start timing out when accessing port 80 of secure site
> Jeffrey,
> On 6/20/14, 10:24 AM, Jeffrey Janner wrote:
>>> -----Original Message----- From: Bruce Lombardi 
>>> [] Sent: Thursday, June 19, 2014
>>> 11:33 AM To: Subject: Browsers suddenly
>>> start timing out when accessing port 80 of secure site
>>> We have a Java application running on Tomcat 7.0.52 on an
>>> Amazon Web Services EC2 Windows 2008 R2 server. Tomcat is setup
>>> so that our application is the root application and is
>>> accessible from port 80. The application and Tomcat are
>>> configured with SSL so that whenever anyone types in the url
>>> for the site (e.g. Tomcat will switch into
>>> HTTPS and use port 8443.
>>> This all works fine, but it seems that if for some reason a 
>>> browser times out when accessing the site, it will never
>>> connect to the site again, and any attempt to connect using 
>>> will show that the connection has timed out.
>>>  Yet if you put in the port number (e.g.,
>>> it comes up right away. We have seen
>>> this happen on both Chrome (Version 35.0.1916.153 m) and
>>> Firefox (Version 30.0).
>>> On Chrome I was able to get the browser to connect to the site
>>> by going to Settings > Advanced > Clear Browser Data and
>>> clearing browser history, download history, cookies, and cached
>>> images and files. Once I did that the site came up immediately
>>> with and switch to HTTPS as it is supposed to
>>> do.
>>> On Firefox, I get the same thing. It will not connect unless I 
>>> add the port. I tried clearing cached web content, setting the 
>>> cache limit to zero, and clearing offline web content. None of 
>>> this worked. Re-installing Firefox did work.
>>> It took me several months to encounter this problem. But other 
>>> users have encountered it right away (e.g., when setting up a
>>> new machine).
>>> Using browser development tools and Tomcat logs, I was able to 
>>> see the following:
>>> .         When working chrome send get to url. Tomcat responds
>>>  with HTTP 302 and redirects to the secure port. The Tomcat 
>>> localhost_access_log reflects these transmissions.
>>> .         When not working, Firefox sends get to url, but no 
>>> response is returned. The Tomcat localhost_access_log is
>>> blank.
>>> Can anyone shed any light on this? Is this a Tomcat issue or 
>>> something to do with the browsers? Is there anything I can
>>> look for in the logs that may help?
>>> Bruce
>> Sounds like a browser issue to me
> +1
> I've found that many browsers cache responses - including error 
> responses -- longer than one might expect. Try a complete 
> page-refresh using SHIFT-CTRL-R (or SHIFT-CMD-R), and if that
> doesn't work, clear all cache and possibly restart the browser if
> that doesn't work.
>> , Bruce, unless you've got something else in your topology that 
>> could be causing the issue. Say a proxy, for instance? Also, are 
>> you sure on the subsequent attempts that your URL starts off
>> with http:// and not https://.  It's a pretty easy detail to
>> overlook.
>> And on a just curious basis:  Why redirect to 8443 instead of the
>>  standard HTTPS port of 443? Then you wouldn't need the port
>> number in the URL.
> +1
> (And if you can't because you already have a web server running,
> try routing the Tomcat traffic through the web server.)
> -chris
> ---------------------------------------------------------------------
To unsubscribe, e-mail:
> For additional commands, e-mail:
> ---------------------------------------------------------------------
To unsubscribe, e-mail:
> For additional commands, e-mail:
Version: GnuPG v1
Comment: GPGTools -
Comment: Using GnuPG with Thunderbird -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message