I'm seeing some strange SSL errors. They're not reproducible consistently, and I think they're because the PRNG is initializing after the Connector. Here's some log output:

26-Oct-2017 17:04:08.380 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
26-Oct-2017 17:04:08.429 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-jsse-nio-443"]
26-Oct-2017 17:04:08.459 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"]
26-Oct-2017 17:04:08.492 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 56903 ms
26-Oct-2017 17:05:16.364 WARNING [localhost-startStop-1] org.apache.catalina.util.SessionIdGeneratorBase.createSecureRandom Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [118,978] milliseconds.

The exception is:

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)

Has anyone else seen something like this? The app is making an internal SSL connection to another servlet. I don't know why they didn't use a RequestDispatcher and do .include(), but it's not my code.

Anyhow, am I right that the exception is probably related to the connectors coming up before the PRNG?

--
George S.
*MH Software, Inc.*
Voice: 303 438 9585
http://www.connectdaily.com
