RE: TLSv1.2 ALERT: fatal, description = unexpected_message
Hi,

When I access my website with SSL enabled, I am getting the following errors. In my server.xml, connectionTimeout=-1, and it is using the TLSv1.2 protocol. Why am I getting readTimeout, and what are the possible reasons?

[Jun 16 2016:06:42:08 PDT] DEBUG http-bio-10.4.20.46-50002-exec-22 com.poc.GaHttp11Protocol - Socket: [org.apache.tomcat.util.net.SocketWrapper@33da3058:452a7c62[TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: Socket[addr=/10.4.20.46,port=49787,localport=50002]]], Status in: [OPEN_READ], State out: [CLOSED]
[Jun 16 2016:06:42:08 PDT] DEBUG http-bio-10.4.20.46-50002-exec-23 com.poc.GaHttp11Protocol - Socket: [org.apache.tomcat.util.net.SocketWrapper@3cde4600:3ab71c6f[TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: Socket[addr=/10.4.20.46,port=49788,localport=50002]]], Status in: [OPEN_READ], State out: [CLOSED]
[Jun 16 2016:06:42:09 PDT] DEBUG http-bio-10.4.20.46-50002-exec-24 org.apache.coyote.http11.Http11Processor - Error parsing HTTP request header
java.io.EOFException: Unexpected EOF read on the socket
    at org.apache.coyote.http11.Http11Processor.setRequestLineReadTimeout(Http11Processor.java:156)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1007)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:277)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)
[Jun 16 2016:06:42:15 PDT] DEBUG http-bio-10.4.20.46-50002-exec-33 org.apache.coyote.http11.Http11Processor - Error parsing HTTP request header
java.net.SocketException: Software caused connection abort: recv failed
    at java.net.SocketInputStream.socketRead0(Native Method)
    at java.net.SocketInputStream.socketRead(SocketInputStream.java:116)
    at java.net.SocketInputStream.read(SocketInputStream.java:170)
    at java.net.SocketInputStream.read(SocketInputStream.java:141)
    at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
    at sun.security.ssl.InputRecord.read(InputRecord.java:503)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
    at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:930)
    at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
    at org.apache.coyote.http11.InternalInputBuffer.fill(InternalInputBuffer.java:529)
    at org.apache.coyote.http11.Http11Processor.setRequestLineReadTimeout(Http11Processor.java:155)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1007)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:279)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)

Thanks
Venkata

-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: 07 June 2016 00:36
To: Tomcat Users List
Subject: Re: TLSv1.2 ALERT: fatal, description = unexpected_message

Venkata,

On 6/5/16 1:45 PM, Venkata Reddy P wrote:
> My current SSL errors occur only with the IE and Google Chrome
> browsers. The same application works well in Firefox, which is
> why I can't suspect the SSL implementation.

I disagree with your assumption here that Firefox and MSIE/Chrome all work the same way when it comes to TLS. Perhaps MSIE/Chrome use a particular TLS extension that Firefox does not. Perhaps there is a cipher suite in the list from MSIE/Chrome that is not in Firefox (or vice-versa).

> I have also tried with the OpenSSL client, and it confirms there is
> nothing wrong with the SSL implementation. The same SSL
> implementation has been in use from Tomcat 4 onwards, and the same
> implementation has been injected as per the Tomcat 8 connectors.

Lots of changes have occurred within the Tomcat Connector code between Tomcat 4 and Tomcat 8. The same implementation cannot be successfully re-used across those versions.

Perhaps if you shared some of the code, we could help debug it. If not, you will have to debug your own code by yourself.

-chris

> -----Original Message-----
> From: Mark Thomas [mailto:ma...@apache.org]
> Sent: 05 June 2016 22:23
> To: Tomcat Users List
> Subject: Re
Re: TLSv1.2 ALERT: fatal, description = unexpected_message
Venkata,

On 6/5/16 1:45 PM, Venkata Reddy P wrote:
> My current SSL errors occur only with the IE and Google Chrome
> browsers. The same application works well in Firefox, which is
> why I can't suspect the SSL implementation.

I disagree with your assumption here that Firefox and MSIE/Chrome all work the same way when it comes to TLS. Perhaps MSIE/Chrome use a particular TLS extension that Firefox does not. Perhaps there is a cipher suite in the list from MSIE/Chrome that is not in Firefox (or vice-versa).

> I have also tried with the OpenSSL client, and it confirms there is
> nothing wrong with the SSL implementation. The same SSL
> implementation has been in use from Tomcat 4 onwards, and the same
> implementation has been injected as per the Tomcat 8 connectors.

Lots of changes have occurred within the Tomcat Connector code between Tomcat 4 and Tomcat 8. The same implementation cannot be successfully re-used across those versions.

Perhaps if you shared some of the code, we could help debug it. If not, you will have to debug your own code by yourself.

-chris

> -----Original Message-----
> From: Mark Thomas [mailto:ma...@apache.org]
> Sent: 05 June 2016 22:23
> To: Tomcat Users List
> Subject: Re: TLSv1.2 ALERT: fatal, description = unexpected_message
>
> On 05/06/2016 16:32, Venkata Reddy P wrote:
>> Hi,
>>
>> I have a setup with Tomcat 8.0.33 and jre8u91, with SSL enabled
>> on the HTTP connector.
>> acceptCount="100" address="10.4.20.46" connectionTimeout="-1"
>> disableUploadTimeout="true" enableLookups="false"
>> maxHttpHeaderSize="8192" maxThreads="500" port="50002"
>> protocol="com.poc.tomcat8.SSLHttp11Protocol" scheme="https"
>> secure="true" />
>>
>> Most of the application works over SSL without any issues, but
>> downloading JS and CSS files seems to be failing. I can't suspect
>> the SSL implementation.
>
> Why not? We haven't seen any reports from users using the default
> TLS implementation. You are using a custom TLS implementation and
> you are seeing errors. Absent some VERY strong evidence this is a
> Tomcat bug, all the indications are that the bug is in
> com.poc.tomcat8.SSLHttp11Protocol
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
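
The comparison suggested in the reply above (which cipher suites and TLS extensions each client offers) can be made from the first TLS record each client sends, for instance taken from a packet capture on the server. The following Python is an added example, not code from the thread or from Tomcat: it parses a ClientHello and diffs two offers. The two sample hellos and the helper `build_client_hello` are constructed for illustration and are not real browser offers.

```python
import struct

def parse_client_hello(record: bytes) -> dict:
    """Extract offered cipher suites and extension types from one TLS record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    try:
        rec_len = struct.unpack_from("!H", record, 3)[0]
        body = record[9:5 + rec_len]      # skip record (5) and handshake (4) headers
        pos = 2 + 32                      # client_version + random
        pos += 1 + body[pos]              # session_id
        n = struct.unpack_from("!H", body, pos)[0]
        pos += 2
        suites = [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, n, 2)]
        pos += n
        pos += 1 + body[pos]              # compression_methods
        exts = []
        if pos < len(body):               # the extensions block is optional
            end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
            pos += 2
            while pos + 4 <= end:
                etype, elen = struct.unpack_from("!HH", body, pos)
                exts.append(etype)
                pos += 4 + elen
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    return {"suites": suites, "extensions": exts}

def diff_offers(a: dict, b: dict) -> dict:
    """Code points offered by only one of the two clients, per category."""
    return {k: {"only_a": sorted(set(a[k]) - set(b[k])),
                "only_b": sorted(set(b[k]) - set(a[k]))} for k in ("suites", "extensions")}

def build_client_hello(suites, exts) -> bytes:
    """Constructed sample input: minimal TLS 1.2 ClientHello, empty extension bodies."""
    ext = b"".join(struct.pack("!HH", e, 0) for e in exts)
    body = (b"\x03\x03" + bytes(32) + b"\x00"
            + struct.pack("!H", 2 * len(suites))
            + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00" + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

# Hypothetical offers. 0xC013 and 0xC028 are the two suites named in the thread's log;
# 0xC02F and 0x009C are GCM suites; 35 = session_ticket, 0xFF01 = renegotiation_info.
CLIENT_A = build_client_hello([0xC02F, 0xC013, 0xC028], [0, 10, 13, 0xFF01])
CLIENT_B = build_client_hello([0xC013, 0xC028, 0x009C], [0, 10, 13, 35])

if __name__ == "__main__":
    print(diff_offers(parse_client_hello(CLIENT_A), parse_client_hello(CLIENT_B)))
```

A suite or extension that appears only in the failing clients' offers is the first thing to test against the custom protocol handler.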
RE: TLSv1.2 ALERT: fatal, description = unexpected_message
Does the size of the HTTPS request cause any issues?

The IE (hanging while loading a few requests) and Chrome (net::ERR_SSL_PROTOCOL_ERROR) requests work occasionally. What I observed is that sometimes the JS and CSS files are loaded from cache, and then it works fine. If it tries to download them from the server, then a few HTTPS requests out of 47 fail to load.

I have tried increasing maxHttpHeaderSize=51200, minSpareThreads=200, compression=on, maxConnections=1000, but no luck.

Are there any other Tomcat attributes which can back to load the JS (maximum size can be around 60 kb) and CSS (maximum size can be around 40 kb) files without any interruptions?

-----Original Message-----
From: Venkata Reddy P
Sent: Sunday, June 05, 2016 11:15 PM
To: Tomcat Users List
Subject: RE: TLSv1.2 ALERT: fatal, description = unexpected_message

Thanks Mark for the reply.

I forgot to mention: my current SSL errors occur only with the IE and Google Chrome browsers. The same application works well in Firefox, which is why I can't suspect the SSL implementation.

I have also tried with the OpenSSL client, and it confirms there is nothing wrong with the SSL implementation. The same SSL implementation has been in use from Tomcat 4 onwards, and the same implementation has been injected as per the Tomcat 8 connectors.

-----Original Message-----
From: Mark Thomas [mailto:ma...@apache.org]
Sent: 05 June 2016 22:23
To: Tomcat Users List
Subject: Re: TLSv1.2 ALERT: fatal, description = unexpected_message

On 05/06/2016 16:32, Venkata Reddy P wrote:
> Hi,
>
> I have a setup with Tomcat 8.0.33 and jre8u91, with SSL enabled on
> the HTTP connector.
> address="10.4.20.46" connectionTimeout="-1"
> disableUploadTimeout="true" enableLookups="false"
> maxHttpHeaderSize="8192"
> maxThreads="500" port="50002"
> protocol="com.poc.tomcat8.SSLHttp11Protocol"
> scheme="https" secure="true" />
>
> Most of the application works over SSL without any issues, but
> downloading JS and CSS files seems to be failing. I can't suspect
> the SSL implementation.

Why not? We haven't seen any reports from users using the default TLS implementation. You are using a custom TLS implementation and you are seeing errors. Absent some VERY strong evidence this is a Tomcat bug, all the indications are that the bug is in com.poc.tomcat8.SSLHttp11Protocol

Mark
RE: TLSv1.2 ALERT: fatal, description = unexpected_message
Thanks Mark for the reply.

I forgot to mention: my current SSL errors occur only with the IE and Google Chrome browsers. The same application works well in Firefox, which is why I can't suspect the SSL implementation.

I have also tried with the OpenSSL client, and it confirms there is nothing wrong with the SSL implementation. The same SSL implementation has been in use from Tomcat 4 onwards, and the same implementation has been injected as per the Tomcat 8 connectors.

-----Original Message-----
From: Mark Thomas [mailto:ma...@apache.org]
Sent: 05 June 2016 22:23
To: Tomcat Users List
Subject: Re: TLSv1.2 ALERT: fatal, description = unexpected_message

On 05/06/2016 16:32, Venkata Reddy P wrote:
> Hi,
>
> I have a setup with Tomcat 8.0.33 and jre8u91, with SSL enabled on
> the HTTP connector.
> address="10.4.20.46" connectionTimeout="-1"
> disableUploadTimeout="true" enableLookups="false"
> maxHttpHeaderSize="8192"
> maxThreads="500" port="50002"
> protocol="com.poc.tomcat8.SSLHttp11Protocol"
> scheme="https" secure="true" />
>
> Most of the application works over SSL without any issues, but
> downloading JS and CSS files seems to be failing. I can't suspect
> the SSL implementation.

Why not? We haven't seen any reports from users using the default TLS implementation. You are using a custom TLS implementation and you are seeing errors. Absent some VERY strong evidence this is a Tomcat bug, all the indications are that the bug is in com.poc.tomcat8.SSLHttp11Protocol

Mark
Re: TLSv1.2 ALERT: fatal, description = unexpected_message
On 05/06/2016 16:32, Venkata Reddy P wrote:
> Hi,
>
> I have a setup with Tomcat 8.0.33 and jre8u91, with SSL enabled on
> the HTTP connector.
> address="10.4.20.46" connectionTimeout="-1"
> disableUploadTimeout="true" enableLookups="false"
> maxHttpHeaderSize="8192"
> maxThreads="500" port="50002"
> protocol="com.poc.tomcat8.SSLHttp11Protocol"
> scheme="https" secure="true" />
>
> Most of the application works over SSL without any issues, but
> downloading JS and CSS files seems to be failing. I can't suspect
> the SSL implementation.

Why not? We haven't seen any reports from users using the default TLS implementation. You are using a custom TLS implementation and you are seeing errors. Absent some VERY strong evidence this is a Tomcat bug, all the indications are that the bug is in com.poc.tomcat8.SSLHttp11Protocol

Mark