tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier (tomcat) ...@ice-sa.com>
Subject Re: AW: Outbound SSL?
Date Fri, 31 May 2019 17:50:04 GMT
On 31.05.2019 18:12, James H. H. Lampert wrote:
> Thanks.
>
> We think that the customer has solved the cipher problem, because, at least as of when
I
> checked on Wednesday, that error message was no longer appearing.
>
> Yet they're still not connecting. I can *ping* maps.googleapis.com from their box, with
no
> trouble whatsoever,

That is perhaps because "ping" does not use TCP/IP, it uses another protocol called ICMP,

which is (a) connection-less and (b) not usually blocked by firewalls.
At least, this shows that the DNS part is working correctly, and that the customer's host

has a "route" to that server.
But for example, if the server (or a firewall) blocked connections to the port which the 
webapp is trying to reach, you would still get the problem below. (Or if the server simply

is not listening on that port).

But when the webapp tries to connect, it gets
>> java.net.ConnectException: Failed to connect to
>> maps.googleapis.com/2607:f8b0:4009:807:0:0:0:200a:443
>
> And the really weird part is that none of the messages in the resulting stacktrace appear
> to refer to any of our classes, or to any classes that appear to have anything to do
with
> Tomcat.
>

This is not so weird, if that webapp (as is likely) contains its own classes to make the 
connection that /it/ tries to make to the Google server.
I believe that someone mentioned before, that Tomcat does not contain any class for making

outbound connections to another server.
The connection is thus (probably, at a lower level) made by classes belonging to the JVM 
which you are using to run Tomcat (like the "java.net.ConnectException" above). In any 
case, Tomcat itself has no role in it.

The problem seems to be with the webapp, and you would have more luck trying to get 
information from whoever supplied that webapp.  Maybe it has some parameter to increase 
its log level, which may tell you in the log the details of why it cannot establish a TCP

connection with the Google server.
(Who knows, the customer server IP may even be blacklisted by Google..)


> --
> JHHL
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message