I'm seeing some strange ssl errors. They're not reproducible
consistently, and I think they're because the PRNG is initializing after
the Connector. Here's some log output:
26-Oct-2017 17:04:08.380 INFO [main] org.apache.coyote.AbstractProtocol.start Starting
ProtocolHandler ["http-nio-8080"]
26-Oct-2017 17:04:08.429 INFO [main] org.apache.coyote.AbstractProtocol.start Starting
ProtocolHandler ["https-jsse-nio-443"]
26-Oct-2017 17:04:08.459 INFO [main] org.apache.coyote.AbstractProtocol.start Starting
ProtocolHandler ["ajp-nio-8009"]
26-Oct-2017 17:04:08.492 INFO [main] org.apache.catalina.startup.Catalina.start
Server startup in 56903 ms
26-Oct-2017 17:05:16.364 WARNING [localhost-startStop-1]
org.apache.catalina.util.SessionIdGeneratorBase.createSecureRandom Creation of
SecureRandom instance for session ID generation using [SHA1PRNG] took [118,978]
milliseconds.
The exception is:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
Source)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown
Source)
Has anyone else seen something like this? The app is making an internal
SSL connection to another servlet. I don't know why they didn't use a
RequestDispatcher and do .include(), but it's not my code.
Anyhow, am I right that the exception is probably related to the
connectors coming up before the PRNG?
--
George S.
*MH Software, Inc.*
Voice: 303 438 9585
http://www.connectdaily.com