Mark, I read that you ported all the new SSL functionality to 8.5, so my first guess was, that if that problem was new, you might want to know what's wrong ;-).
>On 25/04/2016 17:10, Kreuser, Peter wrote: >> Hi there, >> >> I have setup Tomcat 8.5 with the all new SSL Config and HTTP/2. >> >> To test the setup I use testssl.sh (https://testssl.sh ) . The scan is >> successful, also stating HTTP/2 is working. So far so good. >> >> However I see the following exception in the Logs: >> >> 25-Apr-2016 17:36:16.697 SEVERE [https-nio2-8443-exec-6] >> org.apache.coyote.AbstractProtocol$ConnectionHandler.process Error reading >> request, ignored >> java.lang.IllegalStateException: Failed to create Processor for negotiated >> protocol [""] >> at >> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:736) >> at >> org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor.run(Nio2Endpoint.java:1699) >> at >> org.apache.tomcat.util.net.Nio2Endpoint.processSocket0(Nio2Endpoint.java:397) >> at >> org.apache.tomcat.util.net.Nio2Endpoint.processSocket(Nio2Endpoint.java:382) >> at >> org.apache.tomcat.util.net.SecureNio2Channel$HandshakeWriteCompletionHandler.completed(SecureNio2Channel.java:115) >> at >> org.apache.tomcat.util.net.SecureNio2Channel$HandshakeWriteCompletionHandler.completed(SecureNio2Channel.java:108) >> at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) >> at sun.nio.ch.Invoker.invokeDirect(Invoker.java:157) >> at >> sun.nio.ch.UnixAsynchronousSocketChannelImpl.implWrite(UnixAsynchronousSocketChannelImpl.java:736) >> at >> sun.nio.ch.AsynchronousSocketChannelImpl.write(AsynchronousSocketChannelImpl.java:382) >> at >> sun.nio.ch.AsynchronousSocketChannelImpl.write(AsynchronousSocketChannelImpl.java:399) >> at >> java.nio.channels.AsynchronousSocketChannel.write(AsynchronousSocketChannel.java:577) >> at >> org.apache.tomcat.util.net.SecureNio2Channel.handshakeInternal(SecureNio2Channel.java:273) >> at >> org.apache.tomcat.util.net.SecureNio2Channel.handshake(SecureNio2Channel.java:204) >> at >> org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor.run(Nio2Endpoint.java:1676) >> at >> org.apache.tomcat.util.net.Nio2Endpoint.processSocket0(Nio2Endpoint.java:397) >> at >> org.apache.tomcat.util.net.Nio2Endpoint.processSocket(Nio2Endpoint.java:382) >> at >> org.apache.tomcat.util.net.SecureNio2Channel$HandshakeReadCompletionHandler.completed(SecureNio2Channel.java:98) >> at >> org.apache.tomcat.util.net.SecureNio2Channel$HandshakeReadCompletionHandler.completed(SecureNio2Channel.java:91) >> at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) >> at sun.nio.ch.Invoker$2.run(Invoker.java:218) >> at >> sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112) >> at >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) >> at >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) >> at >> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) >> at java.lang.Thread.run(Thread.java:745) >> >> The sourcecode of AbstractProtocol.java states: >> >> if (processor == null) { >> String negotiatedProtocol = >> wrapper.getNegotiatedProtocol(); >> if (negotiatedProtocol != null) { >> UpgradeProtocol upgradeProtocol = >> >> getProtocol().getNegotiatedProtocol(negotiatedProtocol); >> if (upgradeProtocol != null) { >> processor = upgradeProtocol.getProcessor( >> wrapper, getProtocol().getAdapter()); >> } else if (negotiatedProtocol.equals("http/1.1")) { >> // Explicitly negotiated the default protocol. >> // Obtain a processor below. >> } else { >> // Failed to create processor. This is a bug. >> throw new IllegalStateException(sm.getString( >> >> "abstractConnectionHandler.negotiatedProcessor.fail", >> negotiatedProtocol)); >> } >> } >> } >> >> So why is this a bug? Should I change something or should Mark T. look into >> it? > >I don't have exclusive rights for investigating potential Tomcat bugs >you know (although I do have the advantage that a large proportion of my >$dayjob is doing exactly that). > >This is on my radar but I'd love to see someone else (I'm looking at you >Peter) take a look. My suggestion is to find out: >a) what protocols Tomcat is advertising >b) what protocols the client is requesting >c) how Tomcat combines a) and b) to get "". > >a) and b) should be easy to log from the existing code. > >Mark > I will try to look into that and maybe I can trace some of the request that cause the problem. Any hints on how to get more debug output without compiling the code myself? Peter --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
