tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Connection reset while trying to access a web service running under Tomcat
Date Fri, 24 Feb 2017 16:56:38 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

André,

On 2/23/17 7:08 PM, André Warnier (tomcat) wrote:
> On 24.02.2017 00:57, James H. H. Lampert wrote:
>> On 2/23/17, 3:13 PM, André Warnier (tomcat) wrote:
>>> It seems to say right up here what the problem is : the
>>> customer system cannot establish a HTTPS connection with your
>>> server. The connection attempt starts, but then your server
>>> rejects it and closes the connection. Maybe they cannot agree
>>> on a common SSL protocol ?
>> . . .
>> 
>> Is there a diagnostic setting I can apply to the Tomcat server,
>> that would shed any light on what's happening?
>> 
> 
> Probably, if you set the log level high enough. Unfortunately, the 
> tomcat logging configuration is also not really my thing. One
> expert in these matters on this list is Christopher, but he seems
> to get list emails after some delay.

High praise. My delays are usually self-imposed. :)

> So have a little patience, and you'll probably be helped.
> 
> In the meantime, there is always the helpful on-line tomcat 
> documentation which you could try. 
> http://tomcat.apache.org/tomcat-8.0-doc/logging.html

You need to enable logging at a lower level than this if a TLS
connection is failing. Tomcat doesn't get any indication that anyone
even tried to make a connection if the TLS handshake fails.

James, are you using APR/tcnative/OpenSSL or JSSE? With JSSE, you can
enable logging with the system property "-Djavax.net.debug=all"
(without quotes, of course). Beware: this will produce ENORMOUS
amounts of debugging output. Don't put it into production... just
set-up a test server within the same environment and try to make
connections.

Back to the original report... is this a single client that
*sometimes* gets connection resets or is it multiple clients, some of
which always get resets and other clients are okay? If it's one
client, do they have multiple boxes/client services, etc. that can be
identified as "always working" or "always failing", or is this all
totally intermittent?

Finally... what's the underlying protocol? Plain-old HTTP or
Websocket? I guess you are getting reset-on-connect and not
reset-during-communication, so the underlying protocol might not
matter at all.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJYsGXGAAoJEBzwKT+lPKRYCpcP/1liYo5BOSR7cyb7kKYBmnfC
WA3V8Faw8IXZGeeEwFGVEYB8HAa+jnivX8nlYSf8q6pU/FBA5KuO4fVAZJchOLB4
I+DC83+FjciMXcgklYIt+i8IVlw3wQssriMgEDG/xhoQB7i+NPRp66RBvZ/+OEhu
iyY1nndw8SU+RvQAz97r8GcUNz5eTfqxJmt030D/K72oHdoLjSLjLUD3rze/0/wm
9AysEEEYwck8rzq3WrYKXhBbxCkor+rKt24ZT1zAzLqfNMXWLko0MMn+el3ChuDf
2dLRGThq6itu08Pq3neiUu7jC1Cx9XUen8MozSe4dGL2snG8/lAxuq2j3S7i8/b1
mq4yzyVDZqsaBm8Ctnb95nFf4KeTbG0HUxMUPNbzHaOSJKknrYg4NWNSstT4d2Bk
b9kDx7ue7LhxWoaekp8d9CvBrMwMv6P5bVb994Z6onfGOSatilgUrZW8zOmfxTJD
OwWpwDGPw5rse4r+PudPkX3iKjFtejKzsmExI+89AwbQD8R/bBNL3sN4Jm5fY+Gz
4pYGICiEGzxlpJyvtYaIZtmUvubyj8RQ3dKNbkpziPXY3r8q7M18VVMQIVp59P5J
3yVnJUWdDTHMFNIuI8wVwE4VXgf3yO13MlnVQvWdhc/TVcrlAgwWw0QT3RdcS8Y5
fEQc0kmhPkKioZOcFJce
=p7IF
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message