TLS 1.3 with client auth fails with NOT_HANDSHAKING during handshake

Tue, 29 Oct 2019 23:56:52 -0700 

Hi all,

i installed Tomcat 9.0.27 on my Windows 7 machine and using the following java 
runtime to get support for TLSv1.3

Server built:          Oct 7 2019 09:57:22 UTC
Server version number: 9.0.27.0
Architecture:          amd64
JVM Version:           13.0.1+9
JVM Vendor:            Oracle Corporation


My TLS connector is configured with client auth.
        <Connector port="8443" 
protocol="org.apache.coyote.http11.Http11NioProtocol"
                   maxThreads="150" SSLEnabled="true" 
sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
                   keystoreFile="conf/keys/server.jks" keystoreType="JKS" 
keystorePass="" keyAlias="server"
                   clientAuth="true" truststoreFile="conf/keys/clients.jks" 
truststorePass="" sslProtocol="TLS">
   </Connector>

If i connect with a browser i can choose my client key but get an error 
afterwards.

The following error happens in SecureNioChannel:
28-Oct-2019 10:04:27.939 FINE [https-jsse-nio-8443-exec-4] 
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun Error during SSL 
handshake
        java.io.IOException: NOT_HANDSHAKING during handshake
                at 
org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:193)
                at 
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1556)
                at 
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
                at 
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
                at 
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
                at 
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
                at java.base/java.lang.Thread.run(Thread.java:830)

With java runtime 8 everything works fine but i do not have TLSv1.3 there, so 
only a TLSv1.2 handshake is done.

Is there anything wrong with my configuration for TLSv1.3 or is it a bug?
I know there may be a workaround by using openssl but the JSSE implementation 
should work as well.

Best regards
Mathias



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to