RE: OT: java.net.socket exception

2023-05-26 Thread jonmcalexander
Thanks Chris. Yes, I misspelled it, I said I'm not a developer. LOL

I'm just trying to figure out WHY that setting would blow up a spring coded 
outbound connection like that.

Thanks,

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His


> -----Original Message-----
> From: Christopher Schultz 
> Sent: Friday, May 26, 2023 11:17 AM
> To: users@tomcat.apache.org
> Subject: Re: OT: java.net.socket exception
> 
> Mark, Jon,
> 
> On 5/26/23 04:39, Mark Thomas wrote:
> > On 25/05/2023 20:46, jonmcalexan...@wellsfargo.com.INVALID wrote:
> >> So, to start I'm not a developer. With that said, have a development
> >> team that is getting the exception below in their Tomcat 9.0.74
> >> implementation using Java 11 (also with Java 8). After much
> >> troubleshooting with their configuration, it turned out to be this in
> >> the JAVA_OPTIONS:
> >>
> >> -Djsse.enableSNIExtention=false
> >>
> >> Once I removed that, the exception and 500 error went away and things
> >> work properly.
> >>
> >> Is there an issue using this Java Option?
> >
> > The exception is happening on an outgoing connection so this isn't
> > really a Tomcat issue.
> >
> > Some quick research indicated that this setting can be used as a
> > work-around for JSSE throwing an exception for some TLS warnings.
> >
> > Disabling SNI seems like a bad idea to me. I'd expect most sites to be
> > using it.
> 
> +1
> 
> BTW you misspelled the system property above, Jon. It's
> jsse.enableSNIExtension (t -> s).
> 
> > If removing the option fixes the issues then I'd go with removing the
> > option.
> >
> > Finally, I'd try tracking down why the option was added in the first
> > place and see if that reasoning still applies.
> 
> +1
> 
> These days, SNI is basically /the/ way to identify the target hostname to a
> server. All modern software should support it and do it properly.
> 
> -chris
> 



Re: OT: java.net.socket exception

2023-05-26 Thread Christopher Schultz

Mark, Jon,

On 5/26/23 04:39, Mark Thomas wrote:
> On 25/05/2023 20:46, jonmcalexan...@wellsfargo.com.INVALID wrote:
>> So, to start I'm not a developer. With that said, have a development
>> team that is getting the exception below in their Tomcat 9.0.74
>> implementation using Java 11 (also with Java 8). After much
>> troubleshooting with their configuration, it turned out to be this in
>> the JAVA_OPTIONS:
>>
>> -Djsse.enableSNIExtention=false
>>
>> Once I removed that, the exception and 500 error went away and things
>> work properly.
>>
>> Is there an issue using this Java Option?
>
> The exception is happening on an outgoing connection so this isn't
> really a Tomcat issue.
>
> Some quick research indicated that this setting can be used as a
> work-around for JSSE throwing an exception for some TLS warnings.
>
> Disabling SNI seems like a bad idea to me. I'd expect most sites to be
> using it.

+1

BTW you misspelled the system property above, Jon. It's
jsse.enableSNIExtension (t -> s).

> If removing the option fixes the issues then I'd go with removing the
> option.
>
> Finally, I'd try tracking down why the option was added in the first
> place and see if that reasoning still applies.

+1

These days, SNI is basically /the/ way to identify the target hostname
to a server. All modern software should support it and do it properly.


-chris




Re: OT: java.net.socket exception

2023-05-26 Thread Mark Thomas

On 25/05/2023 20:46, jonmcalexan...@wellsfargo.com.INVALID wrote:
> So, to start I'm not a developer. With that said, have a development team that
> is getting the exception below in their Tomcat 9.0.74 implementation using Java
> 11 (also with Java 8). After much troubleshooting with their configuration, it
> turned out to be this in the JAVA_OPTIONS:
>
> -Djsse.enableSNIExtention=false
>
> Once I removed that, the exception and 500 error went away and things work
> properly.
>
> Is there an issue using this Java Option?

The exception is happening on an outgoing connection so this isn't
really a Tomcat issue.

Some quick research indicated that this setting can be used as a
work-around for JSSE throwing an exception for some TLS warnings.

Disabling SNI seems like a bad idea to me. I'd expect most sites to be
using it.

If removing the option fixes the issues then I'd go with removing the
option.

Finally, I'd try tracking down why the option was added in the first
place and see if that reasoning still applies.

Mark





OT: java.net.socket exception

2023-05-25 Thread jonmcalexander
So, to start I'm not a developer. With that said, have a development team that 
is getting the exception below in their Tomcat 9.0.74 implementation using Java 
11 (also with Java 8). After much troubleshooting with their configuration, it 
turned out to be this in the JAVA_OPTIONS:

-Djsse.enableSNIExtention=false

Once I removed that, the exception and 500 error went away and things work 
properly.

Is there an issue using this Java Option?

Thanks.


Stack-Trace below:

javax.net.ssl|DEBUG|0F|https-jsse-nio-10431-exec-1|2023-05-25 12:16:03.746 CDT|Utilities.java:73|the previous server name in SNI (type=host_name (0), value=..xxx) was replaced with (type=host_name (0), value=..xxx)
javax.net.ssl|DEBUG|0F|https-jsse-nio-10431-exec-1|2023-05-25 12:16:03.751 CDT|SSLSocketOutputRecord.java:263|WRITE: TLSv1.3 handshake, length = 378
javax.net.ssl|WARNING|0F|https-jsse-nio-10431-exec-1|2023-05-25 12:16:03.753 CDT|SSLSocketImpl.java:1519|handling exception (
"throwable" : {
  java.net.SocketException: Connection reset
    at java.base/java.net.SocketInputStream.read(SocketInputStream.java:186)
    at java.base/java.net.SocketInputStream.read(SocketInputStream.java:140)
    at java.base/sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:484)
    at java.base/sun.security.ssl.SSLSocketInputRecord.readHeader(SSLSocketInputRecord.java:478)
    at java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:160)
    at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:111)
    at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1383)
    at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1296)
    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:416)
    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:388)
    at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:576)
    at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:201)
    at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:168)
    at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:76)
    at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
    at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66)
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:782)
    at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:717)
    at org.springframework.web.client.RestTemplate.getForEntity(RestTemplate.java:367)
    at com..spring.controller.HomeController.home(HomeController.java:27)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:150)
    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:117)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808)
    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1071)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:964)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java