tomcat-dev mailing list archives

From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: Tagging Tomcat Native 1.2.19
Date Fri, 23 Nov 2018 14:50:26 GMT
On 23.11.2018 at 14:54, Mark Thomas wrote:
> Hi all,
> 
> Given bugs 62662 and 62944, I plan to tag 1.2.19 early next week with a
> view to including 1.2.19 in the next round of Tomcat releases.

I observed a problem with TLS 1.0 under the following conditions:

- using 9.0.13 with NIO plus tcnative 1.2 head build against OpenSSL 1.1.1a
- in combination with clients that are also based on OpenSSL (even with
older OpenSSL versions like 1.0.2) and try to use TLS 1.0. The
handshake works, but then the request times out after a minute. Observed
for curl and "openssl s_client".

From the server logs:

2018-11-23 14:48:47,494 42891 DEBUG [https-openssl-nio-8143-exec-2] org.apache.tomcat.util.modeler.modules.MbeansDescriptorsIntrospectionSource (MbeansDescriptorsIntrospectionSource.java:326) - Introspected attribute currentUri public java.lang.String org.apache.coyote.RequestInfo.getCurrentUri() null
2018-11-23 14:48:47,494 42891 DEBUG [https-openssl-nio-8143-exec-2] org.apache.tomcat.util.modeler.modules.MbeansDescriptorsIntrospectionSource (MbeansDescriptorsIntrospectionSource.java:326) - Introspected attribute lastRequestProcessingTime public long org.apache.coyote.RequestInfo.getLastRequestProcessingTime() public void org.apache.coyote.RequestInfo.setLastRequestProcessingTime(long)
2018-11-23 14:48:47,494 42891 DEBUG [https-openssl-nio-8143-exec-2] org.apache.tomcat.util.modeler.modules.MbeansDescriptorsIntrospectionSource (MbeansDescriptorsIntrospectionSource.java:326) - Introspected attribute errorCount public int org.apache.coyote.RequestInfo.getErrorCount() public void org.apache.coyote.RequestInfo.setErrorCount(int)
2018-11-23 14:48:47,494 42891 DEBUG [https-openssl-nio-8143-exec-2] org.apache.tomcat.util.modeler.modules.MbeansDescriptorsIntrospectionSource (MbeansDescriptorsIntrospectionSource.java:359) - Setting name: org.apache.coyote.RequestInfo
2018-11-23 14:48:47,495 42892 DEBUG [https-openssl-nio-8143-exec-2] org.apache.tomcat.util.modeler.BaseModelMBean (BaseModelMBean.java:887) - preRegister org.apache.coyote.RequestInfo@5750c763 Catalina:type=RequestProcessor,worker="https-openssl-nio-8143",name=HttpRequest1
2018-11-23 14:48:47,496 42893 DEBUG [https-openssl-nio-8143-exec-2] org.apache.tomcat.util.net.SocketWrapperBase (SocketWrapperBase.java:333) - Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@5761c8c:org.apache.tomcat.util.net.SecureNioChannel@87dd2cc:java.nio.channels.SocketChannel[connected local=/0:0:0:0:0:0:0:1:8143 remote=/0:0:0:0:0:0:0:1:42343]], Read from buffer: [0]
2018-11-23 14:48:47,497 42894 DEBUG [https-openssl-nio-8143-exec-2] org.apache.tomcat.util.net.NioEndpoint (NioEndpoint.java:1144) - Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@5761c8c:org.apache.tomcat.util.net.SecureNioChannel@87dd2cc:java.nio.channels.SocketChannel[connected local=/0:0:0:0:0:0:0:1:8143 remote=/0:0:0:0:0:0:0:1:42343]], Read direct from socket: [0]
2018-11-23 14:48:47,498 42895 DEBUG [https-openssl-nio-8143-exec-2] org.apache.coyote.http11.Http11Processor (AbstractProcessorLight.java:74) - Socket: [org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper@5761c8c:org.apache.tomcat.util.net.SecureNioChannel@87dd2cc:java.nio.channels.SocketChannel[connected local=/0:0:0:0:0:0:0:1:8143 remote=/0:0:0:0:0:0:0:1:42343]], Status in: [OPEN_READ], State out: [OPEN]
2018-11-23 14:48:47,498 42895 DEBUG [https-openssl-nio-8143-exec-2] org.apache.coyote.http11.Http11NioProtocol (AbstractProtocol.java:981) - Pushed Processor [org.apache.coyote.http11.Http11Processor@54ccb89e]

... hang ...

2018-11-23 14:49:47,579 102976 DEBUG [https-openssl-nio-8143-exec-3] org.apache.coyote.http11.Http11NioProtocol (AbstractProtocol.java:697) - Processing socket [org.apache.tomcat.util.net.SecureNioChannel@87dd2cc:java.nio.channels.SocketChannel[connected local=/0:0:0:0:0:0:0:1:8143 remote=/0:0:0:0:0:0:0:1:42343]] with status [ERROR]
2018-11-23 14:49:47,579 102976 DEBUG [https-openssl-nio-8143-exec-3] org.apache.coyote.http11.Http11NioProtocol (AbstractProtocol.java:709) - Found processor [null] for socket [org.apache.tomcat.util.net.SecureNioChannel@87dd2cc:java.nio.channels.SocketChannel[connected local=/0:0:0:0:0:0:0:1:8143 remote=/0:0:0:0:0:0:0:1:42343]]
2018-11-23 14:49:47,581 102978 DEBUG [https-openssl-nio-8143-exec-3] org.apache.tomcat.util.threads.LimitLatch (LimitLatch.java:128) - Counting down[https-openssl-nio-8143-exec-3] latch=1
2018-11-23 14:49:47,581 102978 DEBUG [https-openssl-nio-8143-exec-3] org.apache.tomcat.util.net.NioEndpoint (NioEndpoint.java:475) - Socket: [org.apache.tomcat.util.net.SecureNioChannel@87dd2cc:java.nio.channels.SocketChannel[closed]] closed

The client shows the handshake to finish, but then the actual 
request/response exchange hangs.

The problem does not occur when using platform curl on RHEL (based on 
NSS instead of OpenSSL) and also not when using a Java 8 client. It also 
does not occur when building tcnative against OpenSSL 1.0.2q.

The problem happens independent of whether I only allow "TLSv1" as 
protocols in SSLHostConfig or try with the default "all".

I will try to check against an OpenSSL 1.1.1a based Apache web server to 
see whether the hangs happen there too. If not, we might be able to 
compare code.

Regards,

Rainer
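
One way to find this stall pattern in a longer debug log, as an added example that is not part of the original message: the script groups entries by remote endpoint and reports connections whose next entry after a long silence is `status [ERROR]`. The sample lines are constructed in the format of the excerpt above; the function name, the 30-second threshold, and reading the bracketed read value as a byte count are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the format of the excerpt above (one entry per line,
# object ids shortened); port 42350 is an invented healthy control connection.
SAMPLE_LOG = """\
2018-11-23 14:48:47,496 42893 DEBUG [https-openssl-nio-8143-exec-2] org.apache.tomcat.util.net.SocketWrapperBase (SocketWrapperBase.java:333) - Socket: [SecureNioChannel@87dd2cc:SocketChannel[connected local=/0:0:0:0:0:0:0:1:8143 remote=/0:0:0:0:0:0:0:1:42343]], Read from buffer: [0]
2018-11-23 14:48:47,497 42894 DEBUG [https-openssl-nio-8143-exec-2] org.apache.tomcat.util.net.NioEndpoint (NioEndpoint.java:1144) - Socket: [SecureNioChannel@87dd2cc:SocketChannel[connected local=/0:0:0:0:0:0:0:1:8143 remote=/0:0:0:0:0:0:0:1:42343]], Read direct from socket: [0]
2018-11-23 14:48:47,498 42895 DEBUG [https-openssl-nio-8143-exec-2] org.apache.coyote.http11.Http11Processor (AbstractProcessorLight.java:74) - Socket: [SecureNioChannel@87dd2cc:SocketChannel[connected local=/0:0:0:0:0:0:0:1:8143 remote=/0:0:0:0:0:0:0:1:42343]], Status in: [OPEN_READ], State out: [OPEN]
2018-11-23 14:48:50,010 45407 DEBUG [https-openssl-nio-8143-exec-4] org.apache.tomcat.util.net.NioEndpoint (NioEndpoint.java:1144) - Socket: [SecureNioChannel@1a2b3c4:SocketChannel[connected local=/0:0:0:0:0:0:0:1:8143 remote=/0:0:0:0:0:0:0:1:42350]], Read direct from socket: [78]
2018-11-23 14:49:47,579 102976 DEBUG [https-openssl-nio-8143-exec-3] org.apache.coyote.http11.Http11NioProtocol (AbstractProtocol.java:697) - Processing socket [SecureNioChannel@87dd2cc:SocketChannel[connected local=/0:0:0:0:0:0:0:1:8143 remote=/0:0:0:0:0:0:0:1:42343]] with status [ERROR]
"""

ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) \d+ \w+ \[([^\]]+)\] (.*)$")
REMOTE = re.compile(r"remote=([^\]\s]+)\]")
READ = re.compile(r"Read (?:from buffer|direct from socket): \[(\d+)\]")

def find_stalls(log_text, min_gap=30.0):
    """Return connections that went silent for >= min_gap seconds and then
    came back with status [ERROR], the pattern shown in the message."""
    last = {}    # remote endpoint -> (timestamp, thread) of its previous entry
    nread = {}   # remote endpoint -> sum of values reported by read entries
    stalls = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # wrapped continuation or non-log line
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
        thread, msg = m.group(2), m.group(3)
        r = REMOTE.search(msg)
        if not r:
            continue  # entry does not name a socket
        remote = r.group(1)
        rd = READ.search(msg)
        if rd:
            nread[remote] = nread.get(remote, 0) + int(rd.group(1))
        if remote in last and "with status [ERROR]" in msg:
            gap = (ts - last[remote][0]).total_seconds()
            if gap >= min_gap:
                stalls.append({"remote": remote, "idle_seconds": gap,
                               "last_thread": last[remote][1],
                               "bytes_read": nread.get(remote, 0)})
        last[remote] = (ts, thread)
    return stalls

if __name__ == "__main__":
    for s in find_stalls(SAMPLE_LOG):
        print(s)
```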
