tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sol myr <>
Subject Re: SSL and 408 error code (incomplete request)
Date Thu, 01 Aug 2013 08:15:01 GMT
Thanks very much for this detailed answer.
We don't see a reason for the client to delay data sending (request is small and unconditional,
network is stable with no firewalls in the middle).
So given your helpful explanation, we'll also ask in the Chrome forums :)
thanks again

----- Original Message -----
From: André Warnier <>
To: Tomcat Users List <>
Sent: Thursday, August 1, 2013 1:56 AM
Subject: Re: SSL and 408 error code (incomplete request)

sol myr wrote:
> Hi,
> Has anyone happened to stumble onto this issue, please:
> Our Ajax works perfectly as long as its non-secure.
> However, when switching to SSL we sometimes see 408 errors (incomplete request). This
only happens on ajax, and inconsistently (similar requests might succeed on one moment, but
fail on the other).
> Please note:
> 1. Our client is Chrome browser, using JQuery for ajax
> 2. Server is Tomcat 7
> 3. Network is fast and stable, and the ajax requests are small
> 4. Problem occurs for both our connectors: APR and Http (both with SSL enabled) 
> 5. Our x509 certificate is valid (otherwise it would have failed on *all* ajax ssl requests,
not to mention the non-ajax ssl)
The HTTP RFC 2616 states :

10.4 Client Error 4xx

The 4xx class of status code is intended for cases in which the client seems to have erred.


10.4.9 408 Request Timeout

The client did not produce a request within the time that the server was prepared to wait.

The client MAY repeat the request without modifications at any later time.

On the face of it thus (and barring some real bug in Tomcat), this looks like a client 
error, scenario :
- the client opens a TCP connection to the server, with the purpose of sending a request 
on that connection
- but then the client fails to send a request on that connection, for a time sufficient 
for the server to declare a "time-out" (or takes an inordinate amount of time to send the

request line - such as in one kind of DOS attack).

Any idea why some of your client requests may have such a behaviour ?

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message