Hi,
I am looking for help with a strange issue we are experiencing when trying
to use Google APIs from a web application that is deployed on Tomcat 9.0.83.
After a few hours of the server being up and running, all calls to the
Google APIs fail because of SSL handshake errors. Attaching the SSL logs
for your reference.
I see some differences in the ClientHello message. When the handshake
fails, all TLSv1.3 ciphers are ignored, there is no "session id" and
TLSv1.2 is sent as the only supported version.
The Tomcat connector configuration is as follows:
<Connector port="8443"
protocol="com.precisionsoftware.tomcat.Http11Nio2Protocol" proxyPort="443"
SSLEnabled="true"
connectionTimeout="60000"
maxThreads="300"
minSpareThreads="50"
acceptCount="250"
maxKeepAliveRequests="1"
maxPostSize="-1"
relaxedQueryChars='[]|{}^\`"<>'
enableLookups="true"
disableUploadTimeout="true"
URIEncoding="UTF-8"
compression="force"
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="TLS"
sslEnabledProtocols="TLSv1.2+TLSv1.3"
keyAlias="1"
keystoreFile="../wildcard_odqad.pfx"
keystorePass="thepassword"
ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256"/>
I updated Tomcat to use the most recent native library - 2.0.7 - but that
did not help. Below an extract from the server log.
2024-04-11 02:12:47,507 INFO
[org.apache.catalina.core.AprLifecycleListener:134] (main) Loaded Apache
Tomcat Native library [2.0.7] using APR version [1.7.4].
2024-04-11 02:12:47,507 INFO
[org.apache.catalina.core.AprLifecycleListener:134] (main) APR
capabilities: IPv6 [true], sendfile [true], accept filters [false], random
[true], UDS [true].
2024-04-11 02:12:47,507 INFO
[org.apache.catalina.core.AprLifecycleListener:134] (main) APR/OpenSSL
configuration: useAprConnector [false], useOpenSSL [true]
2024-04-11 02:12:47,514 INFO
[org.apache.catalina.core.AprLifecycleListener:370] (main) OpenSSL
successfully initialized [OpenSSL 3.0.13 30 Jan 2024]
I am not very familiar with the SSL handshake process and do not really
understand what can make it stop working.
Thanks,
Marcos
javax.net.ssl|DEBUG|B4|https-openssl-nio2-8443-exec-7|2024-04-10 04:21:17.402
PDT|Utilities.java:74|the previous server name in SNI (type=host_name (0),
value=oauth2.googleapis.com) was replaced with (type=host_name (0),
value=oauth2.googleapis.com)
javax.net.ssl|DEBUG|B4|https-openssl-nio2-8443-exec-7|2024-04-10 04:21:17.403
PDT|HandshakeContext.java:298|Ignore unsupported cipher suite:
TLS_AES_256_GCM_SHA384 for TLSv1.2
javax.net.ssl|DEBUG|B4|https-openssl-nio2-8443-exec-7|2024-04-10 04:21:17.403
PDT|HandshakeContext.java:298|Ignore unsupported cipher suite:
TLS_AES_128_GCM_SHA256 for TLSv1.2
javax.net.ssl|DEBUG|B4|https-openssl-nio2-8443-exec-7|2024-04-10 04:21:17.403
PDT|HandshakeContext.java:298|Ignore unsupported cipher suite:
TLS_CHACHA20_POLY1305_SHA256 for TLSv1.2
javax.net.ssl|INFO|B4|https-openssl-nio2-8443-exec-7|2024-04-10 04:21:17.404
PDT|AlpnExtension.java:182|No available application protocols
javax.net.ssl|DEBUG|B4|https-openssl-nio2-8443-exec-7|2024-04-10 04:21:17.404
PDT|SSLExtensions.java:272|Ignore, context unavailable extension:
application_layer_protocol_negotiation
javax.net.ssl|DEBUG|B4|https-openssl-nio2-8443-exec-7|2024-04-10 04:21:17.404
PDT|SessionTicketExtension.java:408|Stateless resumption supported
javax.net.ssl|ALL|B4|https-openssl-nio2-8443-exec-7|2024-04-10 04:21:17.404
PDT|SignatureScheme.java:393|Ignore unsupported signature scheme: ecdsa_sha224
javax.net.ssl|ALL|B4|https-openssl-nio2-8443-exec-7|2024-04-10 04:21:17.404
PDT|SignatureScheme.java:393|Ignore unsupported signature scheme: rsa_sha224
javax.net.ssl|ALL|B4|https-openssl-nio2-8443-exec-7|2024-04-10 04:21:17.404
PDT|SignatureScheme.java:393|Ignore unsupported signature scheme: dsa_sha224
javax.net.ssl|ALL|B4|https-openssl-nio2-8443-exec-7|2024-04-10 04:21:17.404
PDT|SignatureScheme.java:412|Ignore disabled signature scheme: rsa_md5
javax.net.ssl|DEBUG|B4|https-openssl-nio2-8443-exec-7|2024-04-10 04:21:17.404
PDT|SSLExtensions.java:272|Ignore, context unavailable extension: cookie
javax.net.ssl|DEBUG|B4|https-openssl-nio2-8443-exec-7|2024-04-10 04:21:17.407
PDT|SSLExtensions.java:272|Ignore, context unavailable extension:
renegotiation_info
javax.net.ssl|DEBUG|B4|https-openssl-nio2-8443-exec-7|2024-04-10 04:21:17.407
PDT|PreSharedKeyExtension.java:661|No session to resume.
javax.net.ssl|DEBUG|B4|https-openssl-nio2-8443-exec-7|2024-04-10 04:21:17.407
PDT|SSLExtensions.java:272|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|B4|https-openssl-nio2-8443-exec-7|2024-04-10 04:21:17.408
PDT|ClientHello.java:641|Produced ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"random" :
"7F2C5D82C8561768B47E7B5CA5C17AD3F7AAC6964904C9AEA4F0CD04344A8917",
"session id" :
"3845452D90A3B35D03AD6F87A554F2749C5CFADE9E2D094B0BB25403D054D2AA",
"cipher suites" : "[TLS_AES_256_GCM_SHA384(0x1302),
TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303),
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C),
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B),
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA9),
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030),
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA8),
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F),
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F),
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCAA),
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3),
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E),
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2),
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024),
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028),
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023),
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027),
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B),
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A),
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067),
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040),
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E),
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(0xC032),
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D),
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031),
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026),
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A),
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025),
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029),
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A),
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014),
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009),
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013),
TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039),
TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038),
TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033),
TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032),
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(0xC005),
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(0xC00F),
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004),
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E),
TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D),
TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C),
TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D),
TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035),
TLS_RSA_WITH_AES_128_CBC_SHA(0x002F),
TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
"compression methods" : "00",
"extensions" : [
"server_name (0)": {
type=host_name (0), value=oauth2.googleapis.com
},
"status_request (5)": {
"certificate status type": ocsp
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
},
"supported_groups (10)": {
"versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048,
ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
},
"ec_point_formats (11)": {
"formats": [uncompressed]
},
"status_request_v2 (17)": {
"cert status request": {
"certificate status type": ocsp_multi
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
}
},
"extended_master_secret (23)": {
<empty>
},
"session_ticket (35)": {
<empty>
},
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384,
ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256,
rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256,
rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384,
rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"supported_versions (43)": {
"versions": [TLSv1.3, TLSv1.2]
},
"psk_key_exchange_modes (45)": {
"ke_modes": [psk_dhe_ke]
},
"signature_algorithms_cert (50)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384,
ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256,
rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256,
rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384,
rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"key_share (51)": {
"client_shares": [
{
"named group": x25519
"key_exchange": {
0000: F9 CA 26 C4 5D E8 01 67 53 6C EB 03 D1 FE B7 42
..&.]..gSl.....B
0010: AF BA 6C ED 90 10 D7 C0 C4 E6 2C 91 4D 26 62 7B
..l.......,.M&b.
}
},
{
"named group": secp256r1
"key_exchange": {
0000: 04 35 9D A2 32 92 15 23 33 32 C9 66 A4 37 DD AC
.5..2..#32.f.7..
0010: 08 3B 64 E5 F6 3C E6 D1 AD 54 55 A6 D8 80 6F 5E
.;d..<...TU...o^
0020: 24 E0 D9 4D 31 F6 B3 DF 53 79 C0 23 12 80 7B 6C
$..M1...Sy.#...l
0030: 16 5D DE 86 B4 82 80 EB 6A 37 41 54 9F 8F 2A 92
.]......j7AT..*.
0040: CA
}
},
]
}
]
}
)
javax.net.ssl|DEBUG|B4|https-openssl-nio2-8443-exec-7|2024-04-10 04:21:17.430
PDT|ServerHello.java:888|Consuming ServerHello handshake message (
"ServerHello": {
"server version" : "TLSv1.2",
"random" :
"58105A7405513098EF0A30B503739066AEBE7622C635A280FEF8FC48DC5B20C3",
"session id" :
"3845452D90A3B35D03AD6F87A554F2749C5CFADE9E2D094B0BB25403D054D2AA",
"cipher suite" : "TLS_AES_256_GCM_SHA384(0x1302)",
"compression methods" : "00",
"extensions" : [
"key_share (51)": {
"server_share": {
"named group": x25519
"key_exchange": {
0000: 9E 66 FD 1A 99 43 34 D9 5A 43 2F 0C 03 06 1F F3
.f...C4.ZC/.....
0010: 47 2B F1 FD 6A 7D 62 D4 3F F2 6B 91 AD 24 E2 74
G+..j.b.?.k..$.t
}
},
},
"supported_versions (43)": {
"selected version": [TLSv1.3]
}
]
}
)
javax.net.ssl|DEBUG|B4|https-openssl-nio2-8443-exec-7|2024-04-10 04:21:17.430
PDT|SSLExtensions.java:204|Consumed extension: supported_versions
javax.net.ssl|DEBUG|B4|https-openssl-nio2-8443-exec-7|2024-04-10 04:21:17.430
PDT|ServerHello.java:984|Negotiated protocol version: TLSv1.3javax.net.ssl|DEBUG|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.283
PDT|Utilities.java:74|the previous server name in SNI (type=host_name (0),
value=oauth2.googleapis.com) was replaced with (type=host_name (0),
value=oauth2.googleapis.com)
javax.net.ssl|DEBUG|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.283
PDT|HandshakeContext.java:298|Ignore unsupported cipher suite:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.3
javax.net.ssl|DEBUG|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.283
PDT|HandshakeContext.java:298|Ignore unsupported cipher suite:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.3
javax.net.ssl|DEBUG|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.283
PDT|HandshakeContext.java:298|Ignore unsupported cipher suite:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.283
PDT|HandshakeContext.java:298|Ignore unsupported cipher suite:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.283
PDT|HandshakeContext.java:298|Ignore unsupported cipher suite:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.3
javax.net.ssl|DEBUG|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.284
PDT|HandshakeContext.java:298|Ignore unsupported cipher suite:
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 for TLSv1.3
javax.net.ssl|DEBUG|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.284
PDT|HandshakeContext.java:298|Ignore unsupported cipher suite:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.284
PDT|HandshakeContext.java:298|Ignore unsupported cipher suite:
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.284
PDT|HandshakeContext.java:298|Ignore unsupported cipher suite:
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.284
PDT|HandshakeContext.java:298|Ignore unsupported cipher suite:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.284
PDT|HandshakeContext.java:298|Ignore unsupported cipher suite:
TLS_DHE_DSS_WITH_AES_128_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.284
PDT|HandshakeContext.java:298|Ignore unsupported cipher suite:
TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.284
PDT|HandshakeContext.java:298|Ignore unsupported cipher suite:
TLS_RSA_WITH_AES_256_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.284
PDT|HandshakeContext.java:298|Ignore unsupported cipher suite:
TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.3
javax.net.ssl|DEBUG|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.284
PDT|HandshakeContext.java:298|Ignore unsupported cipher suite:
TLS_RSA_WITH_AES_128_CBC_SHA for TLSv1.3
javax.net.ssl|DEBUG|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.284
PDT|HandshakeContext.java:298|Ignore unsupported cipher suite:
TLS_EMPTY_RENEGOTIATION_INFO_SCSV for TLSv1.3
javax.net.ssl|DEBUG|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.284
PDT|HandshakeContext.java:305|No available cipher suite for TLSv1.3
javax.net.ssl|INFO|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.284
PDT|AlpnExtension.java:182|No available application protocols
javax.net.ssl|DEBUG|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.284
PDT|SSLExtensions.java:272|Ignore, context unavailable extension:
application_layer_protocol_negotiation
javax.net.ssl|DEBUG|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.284
PDT|SessionTicketExtension.java:408|Stateless resumption supported
javax.net.ssl|ALL|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.284
PDT|SignatureScheme.java:393|Ignore unsupported signature scheme: ecdsa_sha224
javax.net.ssl|ALL|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.284
PDT|SignatureScheme.java:393|Ignore unsupported signature scheme: rsa_sha224
javax.net.ssl|ALL|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.284
PDT|SignatureScheme.java:393|Ignore unsupported signature scheme: dsa_sha224
javax.net.ssl|ALL|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.284
PDT|SignatureScheme.java:412|Ignore disabled signature scheme: rsa_md5
javax.net.ssl|DEBUG|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.284
PDT|SSLExtensions.java:272|Ignore, context unavailable extension:
renegotiation_info
javax.net.ssl|DEBUG|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.284
PDT|ClientHello.java:641|Produced ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"random" :
"DC2CC9DC0C6BDF8166D0A7B3F8D7461415D5DB4CBCF9AE1582CDE906AA5FD3DA",
"session id" : "",
"cipher suites" : "[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024),
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028),
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023),
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027),
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030),
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3),
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F),
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2),
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A),
TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033),
TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032),
TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035),
TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F),
TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
"compression methods" : "00",
"extensions" : [
"server_name (0)": {
type=host_name (0), value=oauth2.googleapis.com
},
"status_request (5)": {
"certificate status type": ocsp
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
},
"supported_groups (10)": {
"versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048,
ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
},
"ec_point_formats (11)": {
"formats": [uncompressed]
},
"status_request_v2 (17)": {
"cert status request": {
"certificate status type": ocsp_multi
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
}
},
"extended_master_secret (23)": {
<empty>
},
"session_ticket (35)": {
<empty>
},
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384,
ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256,
rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256,
rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384,
rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
},
"supported_versions (43)": {
"versions": [TLSv1.2]
},
"signature_algorithms_cert (50)": {
"signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384,
ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256,
rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256,
rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384,
rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
}
]
}
)
javax.net.ssl|DEBUG|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.298
PDT|Alert.java:238|Received alert message (
"Alert": {
"level" : "fatal",
"description": "handshake_failure"
}
)
javax.net.ssl|ERROR|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.299
PDT|TransportContext.java:370|Fatal (HANDSHAKE_FAILURE): Received fatal alert:
handshake_failure (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365)
at
java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
at
java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:204)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at
java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1510)
at
java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1425)
at
java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
at
java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
at
java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:589)
at
java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:187)
at
java.base/sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1430)
at
java.base/sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1401)
at
java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:220)
at
com.google.api.client.http.javanet.NetHttpRequest.execute(NetHttpRequest.java:113)
at
com.google.api.client.http.javanet.NetHttpRequest.execute(NetHttpRequest.java:84)
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1012)
at
com.google.auth.oauth2.ServiceAccountCredentials.refreshAccessToken(ServiceAccountCredentials.java:538)
at
com.google.auth.oauth2.OAuth2Credentials$1.call(OAuth2Credentials.java:269)
at
com.google.auth.oauth2.OAuth2Credentials$1.call(OAuth2Credentials.java:266)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at
com.google.auth.oauth2.OAuth2Credentials$RefreshTask.run(OAuth2Credentials.java:633)
at
com.google.common.util.concurrent.DirectExecutor.execute(DirectExecutor.java:31)
at
com.google.auth.oauth2.OAuth2Credentials$AsyncRefreshResult.executeIfNew(OAuth2Credentials.java:581)
at
com.google.auth.oauth2.OAuth2Credentials.asyncFetch(OAuth2Credentials.java:232)
at
com.google.auth.oauth2.OAuth2Credentials.getRequestMetadata(OAuth2Credentials.java:182)
at
com.google.auth.oauth2.ServiceAccountCredentials.getRequestMetadata(ServiceAccountCredentials.java:938)
at
com.google.auth.http.HttpCredentialsAdapter.initialize(HttpCredentialsAdapter.java:96)
at
com.google.cloud.http.HttpTransportOptions$1.initialize(HttpTransportOptions.java:159)
at
com.google.api.client.http.HttpRequestFactory.buildRequest(HttpRequestFactory.java:91)
at
com.google.api.client.googleapis.services.AbstractGoogleClientRequest.buildHttpRequest(AbstractGoogleClientRequest.java:442)
at
com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:552)
at
com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:493)
at
com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:603)
at
com.google.cloud.translate.spi.v2.HttpTranslateRpc.translate(HttpTranslateRpc.java:112)
at
com.google.cloud.translate.TranslateImpl$4.call(TranslateImpl.java:124)
at
com.google.cloud.translate.TranslateImpl$4.call(TranslateImpl.java:121)
at
com.google.api.gax.retrying.DirectRetryingExecutor.submit(DirectRetryingExecutor.java:103)
at com.google.cloud.RetryHelper.run(RetryHelper.java:76)
at com.google.cloud.RetryHelper.runWithRetries(RetryHelper.java:50)
at
com.google.cloud.translate.TranslateImpl.translate(TranslateImpl.java:120)
at
com.google.cloud.translate.TranslateImpl.translate(TranslateImpl.java:138)
at
com.precisionsoftware.trax.service.translation.Translator.convert(Translator.java:60)
at
com.precisionsoftware.trax.service.translation.Transliterator.transliterateToAnyLanguage(Transliterator.java:63)
at
com.precisionsoftware.trax.service.translation.Transliterator.transliterate(Transliterator.java:40)
at
com.precisionsoftware.compliance.engine.ComplianceUtils.translateParty(ComplianceUtils.java:4076)
at
com.precisionsoftware.trax.app.controller.compliance.ComplianceAdHocController.getParty(ComplianceAdHocController.java:1172)
at
com.precisionsoftware.trax.app.controller.compliance.ComplianceAdHocController.runChecks(ComplianceAdHocController.java:593)
at
com.precisionsoftware.trax.app.controller.compliance.ComplianceAdHocController.checkCompliance(ComplianceAdHocController.java:295)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at
com.precisionsoftware.controller.multiaction.PrecisionAbstractController.invokeNamedMethod(PrecisionAbstractController.java:137)
at
com.precisionsoftware.controller.multiaction.PrecisionAbstractController.handleRequestInternal(PrecisionAbstractController.java:83)
at jdk.internal.reflect.GeneratedMethodAccessor574.invoke(Unknown
Source)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at
org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)
at
org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:150)
at
org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:117)
at
org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895)
at
org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808)
at
org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1072)
at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:965)
at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
at
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:909)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:555)
at
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:623)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:209)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
at
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
at
org.apache.catalina.filters.ExpiresFilter.doFilter(ExpiresFilter.java:1192)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
at com.precisionsoftware.security.XssFilter.doFilter(XssFilter.java:36)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
at
com.precisionsoftware.trax.web.filter.TraxSessionFilter.preDoFilter(TraxSessionFilter.java:270)
at
com.precisionsoftware.trax.web.filter.TraxSessionFilter.doFilter(TraxSessionFilter.java:221)
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:337)
at
com.precisionsoftware.security.TraxPermissionInterceptorFilter.invoke(TraxPermissionInterceptorFilter.java:117)
at
com.precisionsoftware.security.TraxPermissionInterceptorFilter.doFilter(TraxPermissionInterceptorFilter.java:96)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
at
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:122)
at
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:116)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
at
org.springframework.security.web.authentication.switchuser.SwitchUserFilter.doFilter(SwitchUserFilter.java:205)
at
org.springframework.security.web.authentication.switchuser.SwitchUserFilter.doFilter(SwitchUserFilter.java:167)
at
com.precisionsoftware.security.TraxLogoutProcessingFilter.doFilter(TraxLogoutProcessingFilter.java:208)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
at
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:109)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
at
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:219)
at
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:213)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
at
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:219)
at
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:213)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
at
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:219)
at
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:213)
at
com.precisionsoftware.security.TraxJaasAuthenticationProcessingFilter.doFilter(TraxJaasAuthenticationProcessingFilter.java:14)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
at
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110)
at
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346)
at
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:221)
at
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:186)
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
at
com.precisionsoftware.security.DisableUrlSessionFilter.doFilter(DisableUrlSessionFilter.java:157)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:102)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
at
com.precisionsoftware.trax.web.filter.EncodingFilter.doFilter(EncodingFilter.java:39)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
at
org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390)
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:928)
at
org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor.doRun(Nio2Endpoint.java:1732)
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
at
org.apache.tomcat.util.net.AbstractEndpoint.processSocket(AbstractEndpoint.java:1295)
at
org.apache.tomcat.util.net.SecureNio2Channel$HandshakeReadCompletionHandler.completed(SecureNio2Channel.java:104)
at
org.apache.tomcat.util.net.SecureNio2Channel$HandshakeReadCompletionHandler.completed(SecureNio2Channel.java:97)
at java.base/sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:129)
at java.base/sun.nio.ch.Invoker$2.run(Invoker.java:221)
at
java.base/sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:113)
at
org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
at
org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:840)}
)
javax.net.ssl|DEBUG|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.299
PDT|SSLSocketImpl.java:1759|close the underlying socket
javax.net.ssl|DEBUG|56|https-openssl-nio2-8443-exec-33|2024-04-10 06:14:09.299
PDT|SSLSocketImpl.java:1785|close the SSL connection (passive)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
