RE: TLSv1.2 ALERT: fatal, description = unexpected_message

Venkata Reddy P Thu, 16 Jun 2016 07:38:18 -0700

Hi,

When I access my website with ssl enabling, I am getting the following errors. 
My server.xml  connectionTimeout=-1,  it is using TLSv1.2 protocol.
why I am getting readTimeout and possible reasons?


 [Jun 16 2016:06:42:08 PDT] DEBUG http-bio-10.4.20.46-50002-exec-22 
com.poc.GaHttp11Protocol - Socket: 
[org.apache.tomcat.util.net.SocketWrapper@33da3058:452a7c62[TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
 Socket[addr=/10.4.20.46,port=49787,localport=50002]]], Status in: [OPEN_READ], 
State out: [CLOSED]
 [Jun 16 2016:06:42:08 PDT] DEBUG http-bio-10.4.20.46-50002-exec-23 
com.poc.GaHttp11Protocol
 - Socket: 
[org.apache.tomcat.util.net.SocketWrapper@3cde4600:3ab71c6f[TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
 Socket[addr=/10.4.20.46,port=49788,localport=50002]]], Status in: [OPEN_READ], 
State out: [CLOSED]
 [Jun 16 2016:06:42:09 PDT] DEBUG http-bio-10.4.20.46-50002-exec-24 
org.apache.coyote.http11.Http11Processor - Error parsing HTTP request header
 java.io.EOFException: Unexpected EOF read on the socket
        at 
org.apache.coyote.http11.Http11Processor.setRequestLineReadTimeout(Http11Processor.java:156)
        at 
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1007)
        at 
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672)
        at 
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:277)
        at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at 
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)

[Jun 16 2016:06:42:15 PDT] DEBUG http-bio-10.4.20.46-50002-exec-33 
org.apache.coyote.http11.Http11Processor - Error parsing HTTP request header
 java.net.SocketException: Software caused connection abort: recv failed
        at java.net.SocketInputStream.socketRead0(Native Method)
        at java.net.SocketInputStream.socketRead(SocketInputStream.java:116)
        at java.net.SocketInputStream.read(SocketInputStream.java:170)
        at java.net.SocketInputStream.read(SocketInputStream.java:141)
        at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
        at sun.security.ssl.InputRecord.read(InputRecord.java:503)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
        at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:930)
        at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
        at 
org.apache.coyote.http11.InternalInputBuffer.fill(InternalInputBuffer.java:529)
        at 
org.apache.coyote.http11.Http11Processor.setRequestLineReadTimeout(Http11Processor.java:155)
        at 
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1007)
        at 
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672)
        at 
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:279)
        at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at 
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)

Thanks
Venkata
-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: 07 June 2016 00:36
To: Tomcat Users List
Subject: Re: TLSv1.2 ALERT: fatal, description = unexpected_message

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Venkata,

On 6/5/16 1:45 PM, Venkata Reddy P wrote:
> My current ssl errors are getting only for IE and google chrome
> browsers.  The same application is working well for the Firefox that's
> the reason can't suspect the SSL implementation.

I disagree with your assumption here that Firefox and MSIE/Chrome all work the 
same way when it comes to TLS. Perhaps MSIE/Chrome use a particular TLS 
extension that Firefox does not. Perhaps there is a cipher suite in the list 
from MSIE/Chrome that is not in Firefox (or vice-versa).

> I have also tried with OpenSSL client and confirms the nothing wrong
> with ssl implementation. The same ssl implantation have been using
> from tomcat4 onwards and the same implementation has been injected as
> per the tomcat8 connectors.

Lots of changes have occurred within the Tomcat Connector code between Tomcat 4 
and Tomcat 8. The same implementation can not be successfully re-used across 
those versions.

Perhaps if you shared some of the code, we could help debug it. If not, you 
will have to debug your own code by yourself.

- -chris

> -----Original Message----- From: Mark Thomas [mailto:ma...@apache.org]
> Sent: 05 June 2016 22:23 To: Tomcat Users List Subject: Re: TLSv1.2
> ALERT: fatal, description = unexpected_message
>
> On 05/06/2016 16:32, Venkata Reddy P wrote:
>> Hi,
>>
>> I have a setup with Tomcat8.0.33,jre8u91 and with ssl enabled with
>> http connector. <Connector SSLEnabled="true"
>> acceptCount="100" address="10.4.20.46" connectionTimeout="-1"
>> disableUploadTimeout="true" enableLookups="false"
>> maxHttpHeaderSize="8192" maxThreads="500" port="50002"
>> protocol="com.poc.tomcat8.SSLHttp11Protocol" scheme="https"
>> secure="true" />
>>
>> Most of the application works on ssl without any issues but while
>> downloading JS,CSS files seems to be failing. I can't suspect the ssl
>> implementation.
>
> Why not? We haven't seen any reports from users using the default TLS
> implementation. You are using a custom TLS implementation any you are
> seeing errors. Absent some VERY strong evidence this is a Tomcat bug,
> all the indications are that the bug is in
> com.poc.tomcat8.SSLHttp11Protocol
>
> Mark
>
>
> ---------------------------------------------------------------------
>
>
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
> ---------------------------------------------------------------------
>
>
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAldVyXoACgkQ9CaO5/Lv0PBXiACgueSAfA8AJuKZ8Bj8ASyufUKO
rWEAoLypfk0l1ksNuBJzgjfmLbtetOB4
=wKzY
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: TLSv1.2 ALERT: fatal, description = unexpected_message

Reply via email to