Hi,
When I access my website with SSL enabled, I am getting the following errors.
My server.xml has connectionTimeout=-1, and it is using the TLSv1.2 protocol.
Why am I getting a readTimeout, and what are the possible reasons?
[Jun 16 2016:06:42:08 PDT] DEBUG http-bio-10.4.20.46-50002-exec-22 com.poc.GaHttp11Protocol - Socket: [org.apache.tomcat.util.net.SocketWrapper@33da3058:452a7c62[TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: Socket[addr=/10.4.20.46,port=49787,localport=50002]]], Status in: [OPEN_READ], State out: [CLOSED]
[Jun 16 2016:06:42:08 PDT] DEBUG http-bio-10.4.20.46-50002-exec-23 com.poc.GaHttp11Protocol - Socket: [org.apache.tomcat.util.net.SocketWrapper@3cde4600:3ab71c6f[TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: Socket[addr=/10.4.20.46,port=49788,localport=50002]]], Status in: [OPEN_READ], State out: [CLOSED]
[Jun 16 2016:06:42:09 PDT] DEBUG http-bio-10.4.20.46-50002-exec-24 org.apache.coyote.http11.Http11Processor - Error parsing HTTP request header
java.io.EOFException: Unexpected EOF read on the socket
    at org.apache.coyote.http11.Http11Processor.setRequestLineReadTimeout(Http11Processor.java:156)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1007)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:277)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)
[Jun 16 2016:06:42:15 PDT] DEBUG http-bio-10.4.20.46-50002-exec-33 org.apache.coyote.http11.Http11Processor - Error parsing HTTP request header
java.net.SocketException: Software caused connection abort: recv failed
    at java.net.SocketInputStream.socketRead0(Native Method)
    at java.net.SocketInputStream.socketRead(SocketInputStream.java:116)
    at java.net.SocketInputStream.read(SocketInputStream.java:170)
    at java.net.SocketInputStream.read(SocketInputStream.java:141)
    at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
    at sun.security.ssl.InputRecord.read(InputRecord.java:503)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
    at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:930)
    at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
    at org.apache.coyote.http11.InternalInputBuffer.fill(InternalInputBuffer.java:529)
    at org.apache.coyote.http11.Http11Processor.setRequestLineReadTimeout(Http11Processor.java:155)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1007)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:279)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)
Thanks
Venkata
-----Original Message-----
From: Christopher Schultz [mailto:[email protected]]
Sent: 07 June 2016 00:36
To: Tomcat Users List
Subject: Re: TLSv1.2 ALERT: fatal, description = unexpected_message
Venkata,
On 6/5/16 1:45 PM, Venkata Reddy P wrote:
> My current SSL errors occur only for IE and Google Chrome
> browsers. The same application works well in Firefox; that's
> the reason I can't suspect the SSL implementation.
I disagree with your assumption here that Firefox and MSIE/Chrome all work the
same way when it comes to TLS. Perhaps MSIE/Chrome use a particular TLS
extension that Firefox does not. Perhaps there is a cipher suite in the list
from MSIE/Chrome that is not in Firefox (or vice-versa).
> I have also tried with the OpenSSL client, and it confirms there is nothing
> wrong with the SSL implementation. The same SSL implementation has been in use
> from Tomcat 4 onwards, and the same implementation has been injected as
> per the Tomcat 8 connectors.
Lots of changes have occurred within the Tomcat Connector code between Tomcat 4
and Tomcat 8. The same implementation can not be successfully re-used across
those versions.
Perhaps if you shared some of the code, we could help debug it. If not, you
will have to debug your own code by yourself.
-chris
> -----Original Message-----
> From: Mark Thomas [mailto:[email protected]]
> Sent: 05 June 2016 22:23
> To: Tomcat Users List
> Subject: Re: TLSv1.2 ALERT: fatal, description = unexpected_message
>
> On 05/06/2016 16:32, Venkata Reddy P wrote:
>> Hi,
>>
>> I have a setup with Tomcat 8.0.33, jre8u91, and with SSL enabled with the
>> HTTP connector.
>>
>> <Connector SSLEnabled="true"
>>     acceptCount="100" address="10.4.20.46" connectionTimeout="-1"
>>     disableUploadTimeout="true" enableLookups="false"
>>     maxHttpHeaderSize="8192" maxThreads="500" port="50002"
>>     protocol="com.poc.tomcat8.SSLHttp11Protocol" scheme="https"
>>     secure="true" />
>>
>> Most of the application works over SSL without any issues, but
>> downloading JS and CSS files seems to be failing. I can't suspect the SSL
>> implementation.
>
> Why not? We haven't seen any reports from users using the default TLS
> implementation. You are using a custom TLS implementation and you are
> seeing errors. Absent some VERY strong evidence this is a Tomcat bug,
> all the indications are that the bug is in
> com.poc.tomcat8.SSLHttp11Protocol.
>
> Mark
>
>
> ---------------------------------------------------------------------
>
>
To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]