Moving the SSL port from 8443 to 443 has solved the problem. It appears that when the url www.something.net is entered, Firefox remembers that this is an SSL site and automatically add the "s" to get https. In fact after the timeout the url line in the browser shows https:www.something.net. Obviously, this is defaulting to the standard SSL port (443), which does not work if 8443 is used. Moving the port to 443 solved the problem.
If you read about setting up Tomcat, the default SSL port is 8443. Maybe this is done for testing, but it never seems to be explained that there might be problems with 8443. - Bruce -----Original Message----- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Friday, June 20, 2014 10:51 AM To: Tomcat Users List Subject: Re: Browsers suddenly start timing out when accessing port 80 of secure site -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Jeffrey, On 6/20/14, 10:24 AM, Jeffrey Janner wrote: >> -----Original Message----- From: Bruce Lombardi >> [mailto:brlom...@gmail.com] Sent: Thursday, June 19, 2014 11:33 AM >> To: users@tomcat.apache.org Subject: Browsers suddenly start timing >> out when accessing port 80 of secure site >> >> We have a Java application running on Tomcat 7.0.52 on an Amazon Web >> Services EC2 Windows 2008 R2 server. Tomcat is setup so that our >> application is the root application and is accessible from port 80. >> The application and Tomcat are configured with SSL so that whenever >> anyone types in the url for the site (e.g. >> www.something.net) Tomcat will switch into HTTPS and use port 8443. >> >> This all works fine, but it seems that if for some reason a browser >> times out when accessing the site, it will never connect to the site >> again, and any attempt to connect using www.something.net will show >> that the connection has timed out. >> Yet if you put in the port number (e.g., www.something.net:8443) it >> comes up right away. We have seen this happen on both Chrome (Version >> 35.0.1916.153 m) and Firefox (Version 30.0). >> >> On Chrome I was able to get the browser to connect to the site by >> going to Settings > Advanced > Clear Browser Data and clearing >> browser history, download history, cookies, and cached images and >> files. Once I did that the site came up immediately with >> www.something.net and switch to HTTPS as it is supposed to do. >> >> On Firefox, I get the same thing. It will not connect unless I add >> the port. I tried clearing cached web content, setting the cache >> limit to zero, and clearing offline web content. None of this worked. >> Re-installing Firefox did work. >> >> It took me several months to encounter this problem. But other users >> have encountered it right away (e.g., when setting up a new machine). >> >> Using browser development tools and Tomcat logs, I was able to see >> the following: >> >> . When working chrome send get to url. Tomcat responds >> with HTTP 302 and redirects to the secure port. The Tomcat >> localhost_access_log reflects these transmissions. >> >> . When not working, Firefox sends get to url, but no >> response is returned. The Tomcat localhost_access_log is blank. >> >> Can anyone shed any light on this? Is this a Tomcat issue or >> something to do with the browsers? Is there anything I can look for >> in the logs that may help? >> >> Bruce > > Sounds like a browser issue to me +1 I've found that many browsers cache responses - including error responses -- longer than one might expect. Try a complete page-refresh using SHIFT-CTRL-R (or SHIFT-CMD-R), and if that doesn't work, clear all cache and possibly restart the browser if that doesn't work. > , Bruce, unless you've got something else in your topology that could > be causing the issue. Say a proxy, for instance? Also, are you sure on > the subsequent attempts that your URL starts off with http:// and not > https://. It's a pretty easy detail to overlook. > > And on a just curious basis: Why redirect to 8443 instead of the > standard HTTPS port of 443? Then you wouldn't need the port number in > the URL. +1 (And if you can't because you already have a web server running, try routing the Tomcat traffic through the web server.) - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTpEpnAAoJEBzwKT+lPKRYeroP/3aB7wYetmOZLNdiP6IeIDwK wBbvKC9wtoyA6hyelCIR5juIqC7ovSA31J1UxtvubWxiJYO2cy04V7RoBPEprgtj QHRmgt5Kppet300fTRdO3m4l2RN1FofrvMHPw/5w9PYG2i9IFnd8T/75vKnxKtmo NPhhznGsGXCFoTjNYdKltFtm5MQFEYSzkSp2Y1c7z3+PSG6Fhc+7+TD2UFn08sNY iZJfRprgJI3IaeRw+ETSUMeQkYUkuIDtb1EW5iPnKdLdRoNadUCPTTBeLVJvB9X6 I3MvbOehLOtAerrdlp62jPZKRGZd1brF8Or21cQ5DdFv0hCQjG4fMA1zIYn3eNbf sv0YTProdQABGy6cjLgdLtCR3/weQcet7rcjiykVyPTln/kjzAzLA+iNF+NF3Lg0 OZAJ6xXT89lHIzkRXkrk/5kd1nZXX7Hsl8uizbtgOFntFd5rTM2nH4MdUzIOqNuP wZ7/pfIiNNpu7YBzsspcshkqZeyTbZhhNEBjFa1RO/d8VRhH7EQFp5eEU5BI+S+h BVbIpvyVhfQ+JjDyrDZ6qJ8vxctbSmZJkggBv5g5iSxYAPKkpuTQzijD4R6ecTr6 KOgThCcBQ/vWa/eGBemCysDRYNGM2kaMAL+8xzD2LypbbYRH+ec8LChRGzVBZFJ4 tcroyxk2g0U7wPOHp1gz =z/ZM -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org