Re: Tomcat 9.0.81 Degraded ssl performance

[i...@flyingfischer.ch]

Am 12.10.23 um 03:01 schrieb Paul Zepernick:

Thank you Chuck

Paul

From: Chuck Caldarale 
Sent: Wednesday, October 11, 2023 8:54:59 PM
To: Tomcat Users List 
Subject: Re: Tomcat 9.0.81 Degraded ssl performance

NOTICE: This email originated from outside of the organization. Do not click 
links or open attachments unless you recognize the sender and know the content 
is safe.


On Oct 11, 2023, at 19:44, Paul Zepernick  
wrote:

Tomcat Version: 9.0.81
OS: Windows Server 2016

We recently patched one of our QA servers to test 9.0.81 and ran into 
performance issues.  Page loads that normally take 1-2 seconds are now taking 
50-60 seconds.  We were finally able to narrow the issue down to the SSL 
connector.  Adding an HTTP connector and bypassing ssl resolves the performance 
issue.  We have also tested rolling back to 9.0.80 with the same configuration 
and verified the issue does not exist.


This was due to a regression introduced in 9.0.81, as noted here: 
https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbz.apache.org%2Fbugzilla%2Fshow_bug.cgi%3Fid%3D67670=05%7C01%7CPaul.Zepernick%40healthsmart.com%7C6873588541c945dc808a08dbcabde7eb%7C2ce547c5e80a40628a56f25adceefb52%7C0%7C1%7C638326689235160357%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C=cCe%2BgFFBcYzUvnnA%2BYqv9A8koG0QxL2Xq9Om5Edo9%2BQ%3D=0

The problem has been fixed in 9.0.82 which is currently being voted on; release 
will likely occur in another day or two.

   - Chuck

This e-mail, including attachments, may include confidential and/or
proprietary information, and may be used only by the person or entity
to which it is addressed. If the reader of this e-mail is not the intended
recipient or intended recipient’s authorized agent, the reader is hereby
notified that any dissemination, distribution or copying of this e-mail is
prohibited. If you have received this e-mail in error, please notify the
sender by replying to this message and delete this e-mail immediately.


You may also set on the connector as a workaround

compression="off"

This will resolve the issue for the time being without the need to 
downgrade to an insecure version.



Markus




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 9.0.81 Degraded ssl performance

[Paul Zepernick]

Thank you Chuck

Paul

From: Chuck Caldarale 
Sent: Wednesday, October 11, 2023 8:54:59 PM
To: Tomcat Users List 
Subject: Re: Tomcat 9.0.81 Degraded ssl performance

NOTICE: This email originated from outside of the organization. Do not click 
links or open attachments unless you recognize the sender and know the content 
is safe.

> On Oct 11, 2023, at 19:44, Paul Zepernick  
> wrote:
>
> Tomcat Version: 9.0.81
> OS: Windows Server 2016
>
> We recently patched one of our QA servers to test 9.0.81 and ran into 
> performance issues.  Page loads that normally take 1-2 seconds are now taking 
> 50-60 seconds.  We were finally able to narrow the issue down to the SSL 
> connector.  Adding an HTTP connector and bypassing ssl resolves the 
> performance issue.  We have also tested rolling back to 9.0.80 with the same 
> configuration and verified the issue does not exist.
>

This was due to a regression introduced in 9.0.81, as noted here: 
https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbz.apache.org%2Fbugzilla%2Fshow_bug.cgi%3Fid%3D67670=05%7C01%7CPaul.Zepernick%40healthsmart.com%7C6873588541c945dc808a08dbcabde7eb%7C2ce547c5e80a40628a56f25adceefb52%7C0%7C1%7C638326689235160357%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C=cCe%2BgFFBcYzUvnnA%2BYqv9A8koG0QxL2Xq9Om5Edo9%2BQ%3D=0

The problem has been fixed in 9.0.82 which is currently being voted on; release 
will likely occur in another day or two.

  - Chuck

This e-mail, including attachments, may include confidential and/or
proprietary information, and may be used only by the person or entity
to which it is addressed. If the reader of this e-mail is not the intended
recipient or intended recipient’s authorized agent, the reader is hereby
notified that any dissemination, distribution or copying of this e-mail is
prohibited. If you have received this e-mail in error, please notify the
sender by replying to this message and delete this e-mail immediately.

Re: Tomcat 9.0.81 Degraded ssl performance

[Chuck Caldarale]

> On Oct 11, 2023, at 19:44, Paul Zepernick  
> wrote:
> 
> Tomcat Version: 9.0.81
> OS: Windows Server 2016
> 
> We recently patched one of our QA servers to test 9.0.81 and ran into 
> performance issues.  Page loads that normally take 1-2 seconds are now taking 
> 50-60 seconds.  We were finally able to narrow the issue down to the SSL 
> connector.  Adding an HTTP connector and bypassing ssl resolves the 
> performance issue.  We have also tested rolling back to 9.0.80 with the same 
> configuration and verified the issue does not exist.
> 

This was due to a regression introduced in 9.0.81, as noted here: 
https://bz.apache.org/bugzilla/show_bug.cgi?id=67670

The problem has been fixed in 9.0.82 which is currently being voted on; release 
will likely occur in another day or two.

  - Chuck

Tomcat 9.0.81 Degraded ssl performance

[Paul Zepernick]

Tomcat Version: 9.0.81
OS: Windows Server 2016

We recently patched one of our QA servers to test 9.0.81 and ran into 
performance issues.  Page loads that normally take 1-2 seconds are now taking 
50-60 seconds.  We were finally able to narrow the issue down to the SSL 
connector.  Adding an HTTP connector and bypassing ssl resolves the performance 
issue.  We have also tested rolling back to 9.0.80 with the same configuration 
and verified the issue does not exist.

SSL Connector:



Additionally, I tried installing the native library to attempt the 
OpenSSLImplementation.  It exhibits the same behavior:



I turned on error logging using:

org.apache.coyote.http11.Http11NioProtocol.level = FINE

I am sporadically seeing these errors:

11-Oct-2023 19:21:04.162 FINE [https-openssl-nio-443-exec-23] 
org.apache.coyote.AbstractProtocol$ConnectionHandler.process Processing socket 
[org.apache.tomcat.util.net.SecureNioChannel@25cfb477:java.nio.channels.SocketChannel[connected
 local=/10.32.68.11:443 remote=/10.32.73.114:52679]] with status [ERROR]

Does anyone have any suggestions on the possible problem, additional logging, 
or configuration changes?  Thanks

Paul R Zepernick

This e-mail, including attachments, may include confidential and/or
proprietary information, and may be used only by the person or entity
to which it is addressed. If the reader of this e-mail is not the intended
recipient or intended recipient’s authorized agent, the reader is hereby
notified that any dissemination, distribution or copying of this e-mail is
prohibited. If you have received this e-mail in error, please notify the
sender by replying to this message and delete this e-mail immediately.

troubles with form login, j_security_check

[Linus Kamb]

Recently, my web application has started having issues with the login
process.

I use Tomcat form authentication against a mysql database.  That has been
working fine for years.  But recently, there has been an increase in odd
behaviours, particularly getting stuck at the j_security_check page, which
returns sometimes with a 404, sometimes with a 408, and sometimes a
straight-up 200, but doesn't complete the redirect.

When this happens, the only way to get to the app is to reload the full
application URL a few times, having to relogin again, and eventually you
get there.

I find this a little difficult to debug, as what is in the logs seems to
indicate that the login happened fine, and so far I have found it difficult
to reproduce.

Any thoughts or suggestions where to look or what to look for?

I tail catalina.out and the access log, and I have realm and authenticator
logging turned on to ALL, but haven't yet found anything that gives me a
clue.  (It's quite possible I've missed something in the logging output.)
Next I'll see if I can capture something from the network logs.

The application runs behind a load balancer box that does the SSL and
forwarding to internal services.

thanks for your help.
- Linus

Re: Tomcat upgrade from 9.0.80 to 9.0.81

[i...@flyingfischer.ch]

Am 11.10.23 um 14:02 schrieb Alexander Veit:
Caused by: org.apache.http.ConnectionClosedException: Premature end of 
Content-Length delimited message body (expected: 4,999; received: 3,040)
    at 
org.apache.http.impl.io.ContentLengthInputStream.read(ContentLengthInputStream.java:178)
    at 
io.restassured.internal.util.IOUtils.toByteArray(IOUtils.java:30)
    at 
io.restassured.internal.http.GZIPEncoding$GZIPDecompressingEntity.getContent(GZIPEncoding.java:69)
    at 
org.apache.http.conn.BasicManagedEntity.getContent(BasicManagedEntity.java:85)
    at 
io.restassured.internal.http.HTTPBuilder.parseResponse(HTTPBuilder.java:546)
    at 
io.restassured.internal.RequestSpecificationImpl$RestAssuredHttpBuilder.super$2$parseResponse(RequestSpecificationImpl.groovy)

    at sun.reflect.GeneratedMethodAccessor129.invoke(Unknown Source)
    at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

    at java.lang.reflect.Method.invoke(Method.java:498)
    at 
org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:107)

    at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:323)
    at 
groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1268)
    at 
org.codehaus.groovy.runtime.ScriptBytecodeAdapter.invokeMethodOnSuperN(ScriptBytecodeAdapter.java:144)


Has anyone seen this? I will keep everyone posted after debugging more.


We have experienced the same problem with Tomcat 8.5.94.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Seems to be reported multiple times as this is blocking bug for 
upgrading to the last Tomcat version:



https://bz.apache.org/bugzilla/show_bug.cgi?id=67670

Markus

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat upgrade from 9.0.80 to 9.0.81

[Alexander Veit]

Caused by: org.apache.http.ConnectionClosedException: Premature end of 
Content-Length delimited message body (expected: 4,999; received: 3,040)
at 
org.apache.http.impl.io.ContentLengthInputStream.read(ContentLengthInputStream.java:178)
at io.restassured.internal.util.IOUtils.toByteArray(IOUtils.java:30)
at 
io.restassured.internal.http.GZIPEncoding$GZIPDecompressingEntity.getContent(GZIPEncoding.java:69)
at 
org.apache.http.conn.BasicManagedEntity.getContent(BasicManagedEntity.java:85)
at 
io.restassured.internal.http.HTTPBuilder.parseResponse(HTTPBuilder.java:546)
at 
io.restassured.internal.RequestSpecificationImpl$RestAssuredHttpBuilder.super$2$parseResponse(RequestSpecificationImpl.groovy)
at sun.reflect.GeneratedMethodAccessor129.invoke(Unknown Source)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at 
org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:107)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:323)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1268)
at 
org.codehaus.groovy.runtime.ScriptBytecodeAdapter.invokeMethodOnSuperN(ScriptBytecodeAdapter.java:144)

Has anyone seen this? I will keep everyone posted after debugging more.


We have experienced the same problem with Tomcat 8.5.94.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Change in behavior Tomcat 9.0.81

[Rémy Maucherat]

On Wed, Oct 11, 2023 at 11:30 AM i...@flyingfischer.ch
 wrote:
>
> Strange change in behavior, when updating to the latest Tomcat 9.0.81
> version:
>
> Calling static files (.js / .css) from a server running Tomcat 9.0.81
> over httpclient now results in
>
> org.apache.http.ConnectionClosedException: Premature end of
> Content-Length delimited message body (expected: 8’170; received: 1’927)
>
> Downgrading the server running the webapp serving the static files to
> Tomcat 9.0.80 does not show the issue.
>
> Has there been a change that triggers this error, related to the many
> security fixes in 9.0.81?

https://bz.apache.org/bugzilla/show_bug.cgi?id=67670

Rémy

>
> Thanks for considering.
>
> Best regards
> Markus
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Change in behavior Tomcat 9.0.81

[i...@flyingfischer.ch]

Strange change in behavior, when updating to the latest Tomcat 9.0.81 
version:


Calling static files (.js / .css) from a server running Tomcat 9.0.81 
over httpclient now results in


org.apache.http.ConnectionClosedException: Premature end of 
Content-Length delimited message body (expected: 8’170; received: 1’927)


Downgrading the server running the webapp serving the static files to 
Tomcat 9.0.80 does not show the issue.


Has there been a change that triggers this error, related to the many 
security fixes in 9.0.81?


Thanks for considering.

Best regards
Markus

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Issues with writing to the log file

[Ivano Luberti]

I have issues with tomcat log files to.

Is thee a guide on where and how they are configured?

It seems it depends not only on tomcat but also on the OSis it correct?

Il 11/10/2023 00:21, Shakila Rajaiah ha scritto:

Hello Users,
I am not sure if I have set up my application correctly. The logs that I have 
included in my java application are not getting written to the log files.
I have catalina.2023-10-10 which only contaings information about the server 
starting.localhost.2023-10-10 having similar information
localhost_access_log.2023-10-10 - get and post requests

I can see all the logs on the server when it is running. Can I write out that 
information to a text file? If so can you please send me the link?
Thanks,Shakila

Shakila Rajaiah  *  e-mail:sraja...@yahoo.com   
  


   

--

Archimede Informatica tratta i dati personali in conformità a quanto
stabilito dal Regolamento UE n. 2016/679 (GDPR) e dal D. Lgs. 30 giugno 
2003 n. 196

per come modificato dal D.Lgs. 10 agosto 2018 n. 101.
Informativa completa 



dott. Ivano Mario Luberti

Archimede Informatica società cooperativa a r. l.
Via Gereschi 36, 56127 Pisa

tel.: +39 050/580959 | fax: +39 050/8932061

web: www.archicoop.it
linkedin: www.linkedin.com/in/ivanoluberti
facebook: www.facebook.com/archimedeinformaticapisa/