tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rémy Maucherat <r...@apache.org>
Subject Re: Tomcat 9 Nio2+OpenSSL problem (very likely a bug)
Date Tue, 19 Mar 2019 14:00:30 GMT
On Mon, Mar 18, 2019 at 4:44 PM Igor T <igor.tymoshchuk@gmail.com> wrote:

> > Since 9.0.12 and 16 do the same, I wouldn't look at that at all.
> Something
> > simple like this works in the general case, there must be something
> > specific here. So it's Windows, which some unspecified OpenSSL version.
> >
> > Rémy
>
> That's not right. After many tests I've found out that 9.0.12 build
> comes with [OpenSSL 1.0.2o  27 Mar 2018], while 9.0.16 comes with
> [OpenSSL 1.1.1a  20 Nov 2018].
> The problem was localized to OpenSSL 1.1.1a on Nio2.
> Also it became clear that establishing of connection takes more time
> with OpenSSL 1.1.1a on Nio.
> So it looks like OpenSSL 1.1.1a build is much less optimized and buggy.
>
> So the question is: how to change OpenSSL version that is shipped with
> the latest tomcat build back to 1.0.2?
> Any feedback appreciated.
>

Ok, thanks for the information. The code has been updated for TLS 1.3 when
using OpenSSL 1.1.1, so there are significant changes in all components. We
will investigate.

Rémy


>
>
>
> Detailed test results:
>
> The problem exist:
> Apache Tomcat 9.0.16/Http11Nio2Protocol/OpenSSL 1.1.1a
>     18-Mar-2019 14:34:54.103 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded
> APR based Apache Tomcat Native library [1.2.21] using APR version
> [1.6.5].
>     18-Mar-2019 14:34:54.103 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR
> capabilities: IPv6 [true], sendfile [true], accept filters [false],
> random [true].
>     18-Mar-2019 14:34:54.103 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent
> APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
>     18-Mar-2019 14:34:54.103 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL
> successfully initialized [OpenSSL 1.1.1a  20 Nov 2018]
>     18-Mar-2019 14:34:54.306 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["http-nio2-80"]
>     18-Mar-2019 14:34:54.353 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["https-openssl-nio2-443"]
>     18-Mar-2019 14:34:54.947 INFO [main]
> org.apache.catalina.startup.Catalina.load Server initialization in
> [1,516] milliseconds
>     18-Mar-2019 14:34:54.994 INFO [main]
> org.apache.catalina.core.StandardService.startInternal Starting
> service [Catalina]
>     18-Mar-2019 14:34:54.994 INFO [main]
> org.apache.catalina.core.StandardEngine.startInternal Starting Servlet
> engine: [Apache Tomcat/9.0.16]
>     success: 1, read 73 bytes for: 125ms
>     denial: 1, Connection reset
>     success: 2, read 73 bytes for: 94ms
>     denial: 2, Connection reset
>     success: 3, read 73 bytes for: 93ms
>     denial: 3, Connection reset
>     success: 4, read 73 bytes for: 78ms
>     denial: 4, Connection reset
>     success: 5, read 73 bytes for: 94ms
>     denial: 5, Connection reset
>
> Apache Tomcat 9.0.17/Http11Nio2Protocol/OpenSSL 1.1.1a
>     18-Mar-2019 14:41:46.708 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded
> APR based Apache Tomcat Native library [1.2.21] using APR version
> [1.6.5].
>     18-Mar-2019 14:41:46.708 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR
> capabilities: IPv6 [true], sendfile [true], accept filters [false],
> random [true].
>     18-Mar-2019 14:41:46.708 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent
> APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
>     18-Mar-2019 14:41:46.724 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL
> successfully initialized [OpenSSL 1.1.1a  20 Nov 2018]
>     18-Mar-2019 14:41:46.896 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["http-nio2-80"]
>     18-Mar-2019 14:41:46.912 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["https-openssl-nio2-443"]
>     18-Mar-2019 14:41:47.443 INFO [main]
> org.apache.catalina.startup.Catalina.load Server initialization in
> [1,335] milliseconds
>     18-Mar-2019 14:41:47.474 INFO [main]
> org.apache.catalina.core.StandardService.startInternal Starting
> service [Catalina]
>     18-Mar-2019 14:41:47.474 INFO [main]
> org.apache.catalina.core.StandardEngine.startInternal Starting Servlet
> engine: [Apache Tomcat/9.0.17]
>     success: 1, read 73 bytes for: 78ms
>     denial: 1, Connection reset
>     success: 2, read 73 bytes for: 93ms
>     denial: 2, Connection reset
>     success: 3, read 73 bytes for: 78ms
>     denial: 3, Connection reset
>     success: 4, read 73 bytes for: 94ms
>     denial: 4, Connection reset
>     success: 5, read 73 bytes for: 78ms
>     denial: 5, Connection reset
>
>
> The problem does not exist:
> Apache Tomcat 9.0.12/Http11Nio2Protocol/OpenSSL 1.0.2o
>     18-Mar-2019 14:30:21.917 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded
> APR based Apache Tomcat Native library [1.2.17] using APR version
> [1.6.3].
>     18-Mar-2019 14:30:21.917 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR
> capabilities: IPv6 [true], sendfile [true], accept filters [false],
> random [true].
>     18-Mar-2019 14:30:21.917 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent
> APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
>     18-Mar-2019 14:30:22.932 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL
> successfully initialized [OpenSSL 1.0.2o  27 Mar 2018]
>     18-Mar-2019 14:30:23.135 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["http-nio2-80"]
>     18-Mar-2019 14:30:23.167 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["https-openssl-nio2-443"]
>     18-Mar-2019 14:30:24.059 INFO [main]
> org.apache.catalina.startup.Catalina.load Initialization processed in
> 2763 ms
>     18-Mar-2019 14:30:24.135 INFO [main]
> org.apache.catalina.core.StandardService.startInternal Starting
> service [Catalina]
>     18-Mar-2019 14:30:24.135 INFO [main]
> org.apache.catalina.core.StandardEngine.startInternal Starting Servlet
> Engine: Apache Tomcat/9.0.12
>     success: 1, read 73 bytes for: 125ms
>     success: 2, read 73 bytes for: 78ms
>     success: 3, read 73 bytes for: 78ms
>     success: 4, read 73 bytes for: 78ms
>     success: 5, read 73 bytes for: 93ms
>     success: 6, read 73 bytes for: 78ms
>     success: 7, read 73 bytes for: 94ms
>     success: 8, read 73 bytes for: 78ms
>     success: 9, read 73 bytes for: 94ms
>     success: 10, read 73 bytes for: 94ms
>
> Apache Tomcat 9.0.12/Http11NioProtocol/OpenSSL 1.0.2o
>     18-Mar-2019 14:31:42.476 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded
> APR based Apache Tomcat Native library [1.2.17] using APR version
> [1.6.3].
>     18-Mar-2019 14:31:42.476 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR
> capabilities: IPv6 [true], sendfile [true], accept filters [false],
> random [true].
>     18-Mar-2019 14:31:42.476 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent
> APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
>     18-Mar-2019 14:31:43.492 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL
> successfully initialized [OpenSSL 1.0.2o  27 Mar 2018]
>     18-Mar-2019 14:31:43.726 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["http-nio2-80"]
>     18-Mar-2019 14:31:43.758 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["https-openssl-nio-443"]
>     18-Mar-2019 14:31:44.336 INFO [main]
> org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a
> shared selector for servlet write/read
>     18-Mar-2019 14:31:44.351 INFO [main]
> org.apache.catalina.startup.Catalina.load Initialization processed in
> 2483 ms
>     18-Mar-2019 14:31:44.383 INFO [main]
> org.apache.catalina.core.StandardService.startInternal Starting
> service [Catalina]
>     18-Mar-2019 14:31:44.383 INFO [main]
> org.apache.catalina.core.StandardEngine.startInternal Starting Servlet
> Engine: Apache Tomcat/9.0.12
>     success: 1, read 73 bytes for: 109ms
>     success: 2, read 73 bytes for: 78ms
>     success: 3, read 73 bytes for: 78ms
>     success: 4, read 73 bytes for: 94ms
>     success: 5, read 73 bytes for: 78ms
>     success: 6, read 73 bytes for: 78ms
>     success: 7, read 73 bytes for: 78ms
>     success: 8, read 73 bytes for: 78ms
>     success: 9, read 73 bytes for: 78ms
>     success: 10, read 73 bytes for: 94ms
>
> Apache Tomcat 9.0.16/Http11NioProtocol/OpenSSL 1.1.1a
>     18-Mar-2019 14:37:12.000 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded
> APR based Apache Tomcat Native library [1.2.21] using APR version
> [1.6.5].
>     18-Mar-2019 14:37:12.000 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR
> capabilities: IPv6 [true], sendfile [true], accept filters [false],
> random [true].
>     18-Mar-2019 14:37:12.000 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent
> APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
>     18-Mar-2019 14:37:12.000 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL
> successfully initialized [OpenSSL 1.1.1a  20 Nov 2018]
>     18-Mar-2019 14:37:12.203 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["http-nio2-80"]
>     18-Mar-2019 14:37:12.219 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["https-openssl-nio-443"]
>     18-Mar-2019 14:37:12.797 INFO [main]
> org.apache.catalina.startup.Catalina.load Server initialization in
> [1,497] milliseconds
>     18-Mar-2019 14:37:12.844 INFO [main]
> org.apache.catalina.core.StandardService.startInternal Starting
> service [Catalina]
>     18-Mar-2019 14:37:12.844 INFO [main]
> org.apache.catalina.core.StandardEngine.startInternal Starting Servlet
> engine: [Apache Tomcat/9.0.16]
>     success: 1, read 73 bytes for: 78ms
>     success: 2, read 73 bytes for: 218ms
>     success: 3, read 73 bytes for: 203ms
>     success: 4, read 73 bytes for: 203ms
>     success: 5, read 73 bytes for: 203ms
>     success: 6, read 73 bytes for: 203ms
>     success: 7, read 73 bytes for: 203ms
>     success: 8, read 73 bytes for: 202ms
>     success: 9, read 73 bytes for: 187ms
>     success: 10, read 73 bytes for: 187ms
>
> Apache Tomcat 9.0.17/Http11NioProtocol/OpenSSL 1.1.1a
>     18-Mar-2019 14:40:17.879 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded
> APR based Apache Tomcat Native library [1.2.21] using APR version
> [1.6.5].
>     18-Mar-2019 14:40:17.879 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR
> capabilities: IPv6 [true], sendfile [true], accept filters [false],
> random [true].
>     18-Mar-2019 14:40:17.879 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent
> APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
>     18-Mar-2019 14:40:17.926 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL
> successfully initialized [OpenSSL 1.1.1a  20 Nov 2018]
>     18-Mar-2019 14:40:18.098 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["http-nio2-80"]
>     18-Mar-2019 14:40:18.129 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["https-openssl-nio-443"]
>     18-Mar-2019 14:40:18.645 INFO [main]
> org.apache.catalina.startup.Catalina.load Server initialization in
> [1,449] milliseconds
>     18-Mar-2019 14:40:18.692 INFO [main]
> org.apache.catalina.core.StandardService.startInternal Starting
> service [Catalina]
>     18-Mar-2019 14:40:18.692 INFO [main]
> org.apache.catalina.core.StandardEngine.startInternal Starting Servlet
> engine: [Apache Tomcat/9.0.17]
>     success: 1, read 73 bytes for: 109ms
>     success: 2, read 73 bytes for: 218ms
>     success: 3, read 73 bytes for: 203ms
>     success: 4, read 73 bytes for: 203ms
>     success: 5, read 73 bytes for: 187ms
>     success: 6, read 73 bytes for: 203ms
>     success: 7, read 73 bytes for: 187ms
>     success: 8, read 73 bytes for: 187ms
>     success: 9, read 73 bytes for: 203ms
>     success: 10, read 73 bytes for: 203ms
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message