tomcat-users mailing list archives

From Jason Y <day...@gmail.com>
Subject Re: SSL issue in tomcat
Date Mon, 02 Feb 2015 09:46:27 GMT
Thanks for your reply, Chris.

I am providing a Solr search service on a Linux server. My Java version is
1.7_67 (64-bit), my Tomcat version is 7.0.55, and my Tomcat Connector is:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="500" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/path/**.keystore" keystorePass="password" />
In my service I provide both REST and WSDL services to call Solr search over
https. Everything worked well until one day (around Nov 2014) we found we
could not open the WSDL URL in any browser, while our clients' code that calls
Solr search was always working fine.

In the following days, two clients' developers (.NET) raised some tickets
complaining that they could not call the Solr service on their local
machines (while their code on PROD was running well and never failed). They
said they could not even load the WSDL in Visual Studio. At this point I
realized that I should test it myself, so I tested (with Java code) calling
the service both by REST and by WSDL, and both worked fine.

*My code to call WSDL is:*
    System.setProperty("javax.net.ssl.trustStore", certificationPath);
    XXXXService service = new XXXXService();
    XXXX port = service.getXXXXPort();
    // start add soap header
    Binding binding = ((BindingProvider) port).getBinding();
    List<Handler> handlerList = binding.getHandlerChain();
    if (handlerList == null)
        handlerList = new ArrayList<Handler>();

    handlerList.add(new SecurityHandler(username, password));
    binding.setHandlerChain(handlerList);
    String query = "q=Id:123456";
    long offset = 0;
    long limit = 100;
    Holder<Long> numFound = new Holder<Long>();
    Holder<Long> start = new Holder<Long>();
    Holder<List<XXXXSolrDocument>> doc = new Holder<List<XXXXSolrDocument>>();

    port.search(query, offset, limit, numFound, start, doc);
    System.out.println(doc.value.size());

*My code to call REST service is:*
    SolrQuery query = new SolrQuery();
    query.setQuery("*:*");
    System.setProperty("javax.net.ssl.trustStore", certificationPath);
    HttpSolrServer server = new HttpSolrServer("https://server_ip:8443/solr/solr_test");
    query.setHighlight(true).setStart(1);
    query.setRows(15);
    ModifiableSolrParams paramsDemo = new ModifiableSolrParams();
    paramsDemo.add("wt", "json");
    paramsDemo.add("indent", "true");
    paramsDemo.add("q", "Id:123456");
    query.add(paramsDemo);
    QueryResponse queryResponse = server.query(query);

Then I tried to disable SSL 3.0 on the server by adding
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" to the Connector in server.xml.
After a restart, my service was running OK, my test code was running OK, and
the https WSDL URLs opened OK in browsers. But about one hour later, all of
the above tests failed.

*Error message when calling wsdl:*
Exception in thread "main" javax.xml.ws.WebServiceException: Failed to access the WSDL at: https://server_ip:8443/solr_test_name?wsdl. It failed with:
Received fatal alert: handshake_failure.
    at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:151)
    at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:133)
    at com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:254)
    at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:217)
    at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:165)
    at com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:93)
    at javax.xml.ws.Service.<init>(Service.java:56)
    at com.xxxx.webservice.XXXXService.<init>(XXXXService.java:42)
    at com.xxxx.client.Test.main(Test.java:30)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

*Error message when calling REST:*
IOException occured when talking to server at: [MY_REST_SERVICE_ADDRESS]

*Error message when trying to open WSDL URL in browser:*
SSL connection error
Unable to make a secure connection to the server. This
may be a problem with the server, or it may be requiring a client
authentication certificate that you don't have.
Error code: ERR_SSL_PROTOCOL_ERROR

My question is, after adding sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
to the *Connector* in server.xml, is there anything else that I need to do?
Such as:
i) on server side JDK settings with "-D xxxx=xxxx";
ii) on client side with System.setProperties("xxxx","xxxx")?
iii) or anything else?
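
A diagnostic for the situation described above, added here as an example and not part of the original message or of Tomcat: it prints which protocol versions the client JVM supports and enables by default, then attempts one handshake per version against the connector, so a protocol mismatch can be told apart from a certificate or cipher problem. The class name TlsProtocolProbe, the default host localhost and the 5-second timeouts are assumptions; port 8443 is the connector port from the post. Run it with the same javax.net.ssl.trustStore setting as the client code.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.util.Arrays;

/** Added diagnostic example (hypothetical class name, not from the original post). */
public class TlsProtocolProbe {

    /** Attempts a handshake with exactly one protocol enabled and describes the outcome. */
    static String probe(SSLSocketFactory factory, String host, int port, String protocol) {
        try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
            socket.connect(new InetSocketAddress(host, port), 5000);
            socket.setSoTimeout(5000);
            socket.setEnabledProtocols(new String[] { protocol });
            socket.startHandshake();
            return "OK, cipher suite " + socket.getSession().getCipherSuite();
        } catch (IllegalArgumentException e) {
            // The client JVM does not implement this protocol version at all.
            return "not supported by this JVM";
        } catch (IOException e) {
            // A handshake_failure alert here means the server refused the offer;
            // a certificate-path error means the trust store does not match.
            return "FAILED: " + e;
        }
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "localhost";          // assumed default
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 8443;  // port from the post

        SSLContext context = SSLContext.getDefault();
        System.out.println("JVM " + System.getProperty("java.version"));
        System.out.println("Client supports:           "
                + Arrays.toString(context.getSupportedSSLParameters().getProtocols()));
        System.out.println("Client enables by default: "
                + Arrays.toString(context.getDefaultSSLParameters().getProtocols()));

        SSLSocketFactory factory = context.getSocketFactory();
        for (String protocol : new String[] { "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" }) {
            System.out.printf("%-8s -> %s%n", protocol, probe(factory, host, port, protocol));
        }
    }
}
```

Running it right after a restart and again once the failures begin shows whether the set of protocols the connector accepts has changed between the two states.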
