tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex O'Ree" <alexo...@apache.org>
Subject Re: intermittent connectivity failure under ssl
Date Fri, 09 Mar 2018 20:18:06 GMT
I'll see what I can cook up. It'll be a complete tomcat setup and it was
reproducible with just a hello world jsp file + test ssl certs and configs.
Using any browser or java client connecting to tomcat. Page reloads are
intermittently failing.  Where's the best place to dump this? And
obviously, you'll need a windows box to replicate (x64)

On Fri, Mar 9, 2018 at 3:01 PM, Christopher Schultz <
chris@christopherschultz.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Alex,
>
> On 3/9/18 2:50 PM, Mark Thomas wrote:
> > On 09/03/18 19:39, Alex O'Ree wrote:
> >> So I believe i have a resolution for this issue (still
> >> undergoing additional testing). I hate SSL by the way. After
> >> exhaustive scanning of the java.net.debug logs i came up with
> >> nothing. 0 hints to the problem. I tried with browsers and java
> >> http clients and all of them ended with a socket exception
> >> (unexpected end of file). Did i mention i'm using the windows
> >> variant of tomcat 8.5.28? On a whim, I asked a coworker who has
> >> been using tomcat for quite some time. He suggested that issue
> >> may be related to OpenSSL. After checking the configs and reading
> >> the docs here:
> >> http://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html#Edit_the_Tomca
> t_Configuration_File
> >>
> >>
> for my setup, it was defaulting to use open ssl since it was not defined
>  in
> >> the config file. After changing the JSSEImplementation my
> >> problems appear to be sorted. Literally 3 months trying to solve
> >> this one. Whatever version of open ssl that comes with the
> >> windows build of tomcat has something wrong with it.
> >
> > Unlikely.
> >
> > More likely is that there is a bug in the APR/Native connector. But
> > with a reliable way to reproduce the problem, we'll never know.
>
> If you are willing to see if you can come up with a repeatable test
> case, it would be VERY helpful. Mark has a knack for finding and
> fixing irritating bugs like this in the connector very quickly, but
> not if he can't see the problem happen.
>
> I'd certainly like to see any issue with the native library (or its
> use of OpenSSL) found and fixed for everyone's sake.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlqi6CsACgkQHPApP6U8
> pFjQCw//cTuR+GNMMG/cdhyZ09+bWd6NPDdAdc8/poIPrBoKgz7LbSPiWa5QzZBa
> VlOyRmfHizZPCUslmxxJUEUI45vLzHePmetUQaOfAfLp1QQEnQXnQFtL7/x4/RG8
> TZJLOBud708YSDFKQesHQSxd424+ZFXgn6kGpUXKNRIqkqtlmiVFPQ0uatqNUQTF
> htMcMOhL3cxAXOEqkJL7HAEFnJAR1Q9A1itG2nk2hk2yn0wa2aQxQxp5EEa/Gwts
> +7XgZAiHTxvptJSd7lKpvG3l8wi//aC4JMQQZi9WgJf/+pK3HL5PZ55R52uojB+i
> IVUFOMM/gTavyMrHPvLWNUF2AITzXmov85ZJmRZdOsBT4WaUMr4XawFViktoeJMq
> aQonhP5RCOvWLnKHqxmTShExezV9gs+HgmxSRCVCNF0dqVFIa/X3rm/i/pfJJXCe
> IaXJTMRizpKlQfYz5zrptTUzJ0sfRqxL8WEjz6C4Z1FEOeIqW04V4UsVH2Hz5BUO
> WPBjWq807WjeEcpvwE6YkxcHitXIlof9GcCIFWKE6ub0GOI1QSWHWAOIraHSK8OZ
> jWonnzE/FWojuiK4Ntbx0JrWGgIkXMhBprkHI1WRMk+nbHqT64xYQkhDYl//j5rq
> Va3eZ3gz1yYt4D/Qi8q7lxhqLfe8cNkJeO3gCoPJLuKl+lISTSE=
> =neYx
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message