This was reproduced in dev, staging, testqa on multiple servers. Yes, the response shown is JSON which is puzzling since that only appears when using NIO2. That's why there is so much confusion on this. At the end of the day, I simply deployed Tomcat 8.5.3x64 Windows to each server and migrated all the settings from 8.0.32 to 8.5.3 respectively in the context.xml, server.xml, tomcat-users.xml and web.xml. The biggest change in 8.5.3 was the significant differences in SSL/TLS configuration required to get Tomcat to even startup properly. I'm referring specifically to the connector arguments that have changed. As an example (noting that this works with NIO, but not as shown with NIO2): ***We used to have:*** <Connector port="8443" protocol="org.apache.coyote.http11.Http11Nio2Protocol" maxThreads="10" minSpareThreads="5" acceptCount="100" connectionTimeout="60000" disableUploadTimeout="true" clientAuth="false" secure="true" scheme="https" SSLEnabled="true" sslProtocol="TLS" sslEnabledProtocols="TLSv1.1,TLSv1.2" keystoreFile="D:\certificates\ourJKS.keystore" keystorePass="******" /> <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector port="8019" protocol="AJP/1.3" redirectPort="8443" />
***Now changed with 8.5.3 settings:*** <Connector port="8443" protocol="org.apache.coyote.http11.Http11Nio2Protocol" maxThreads="150" disableUploadTimeout="true" SSLEnabled="true" sslDefaultHost="ourServer.com"> <SSLHostConfig hostName="ourServer.com"> <Certificate certificateKeystoreFile="D:\certificates\ourJKS.keystore" certificateKeystorePassword="******" certificateKeyAlias="ourAlias" type="RSA"/> </SSLHostConfig> </Connector> <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector port="8019" protocol="AJP/1.3" redirectPort="8443" /> Am I missing something here? Has anyone else tried to do the same with NIO2 protocol and it worked? :-) Regards, Steve Mekkelsen Madden | Systems Engineer Fellow / DBA / Certified Scrum Master | GCS | Pegasystems Inc. Office: (617) 866.6023 | Mobile: (828) 729.9948 | Email: steve.mekkelsen.mad...@pega.com | www.pega.com -----Original Message----- From: Felix Schumacher [mailto:felix.schumac...@internetallee.de] Sent: Thursday, July 07, 2016 12:53 PM To: users@tomcat.apache.org Subject: Re: SSL/TLS 8.5.3 upgrade from 8.0.32 using NIO2 url encoding issues Am 07.07.2016 um 18:32 schrieb Mekkelsen Madden, Steve: > Every request, making the environment virtually unstable and unusable since > everything we do is using xml. The second logs showed json :) In any case, can you reproduce the issue in a dev environment? It would be superb, if you could make a minimal case, where this happens. Regards, Felix > > Regards, > > Steve Mekkelsen Madden | Systems Engineer Fellow / DBA / Certified Scrum > Master | GCS | Pegasystems Inc. > Office: (617) 866.6023 | Mobile: (828) 729.9948 | Email: > steve.mekkelsen.mad...@pega.com | www.pega.com > > > -----Original Message----- > From: Felix Schumacher [mailto:felix.schumac...@internetallee.de] > Sent: Thursday, July 07, 2016 12:30 PM > To: users@tomcat.apache.org > Subject: Re: SSL/TLS 8.5.3 upgrade from 8.0.32 using NIO2 url encoding > issues > > Am 07.07.2016 um 15:04 schrieb Mekkelsen Madden, Steve: >> Hi, sorry for delay and misinformation of the screenshot. The >> screenshot shows Fiddler seeing the correct xml using both NIO and >> NIO2 protocols. Fiddler does not see anything wrong with the >> requests themselves. However, when we enable more debugging on our >> server, the logs are showing this: http://pastebin.com/ShYzr92e >> >> Note that, this is the same test case run with NIO (which works fine and no >> errors) but fails in NIO2. Also, that we have been using NIO2 for many >> months without any issues under Tomcat 8.0.32. It wasn't until the upgrade >> to 8.5.3 that NIO2 just stopped working. Hope this helps. > Can you print out the data on the server side when it fails to parse? > > Is this happening on every request or randomly? > > Regards, > Felix >> Regards, >> >> Steve Mekkelsen Madden | Systems Engineer Fellow / DBA / Certified Scrum >> Master | GCS | Pegasystems Inc. >> Office: (617) 866.6023 | Mobile: (828) 729.9948 | Email: >> steve.mekkelsen.mad...@pega.com | www.pega.com >> >> >> -----Original Message----- >> From: Christopher Schultz [mailto:ch...@christopherschultz.net] >> Sent: Wednesday, July 06, 2016 4:45 PM >> To: Tomcat Users List <users@tomcat.apache.org> >> Subject: Re: SSL/TLS 8.5.3 upgrade from 8.0.32 using NIO2 url >> encoding issues >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA256 >> >> Steve, >> >> On 7/6/16 4:22 PM, Mekkelsen Madden, Steve wrote: >>> Here is the image I tried attaching. Sorry about that. >>> [redacted... my SMTP server really doesn't like that URL] >> So... what are we looking at, here? >> >> I see a POST URL that looks perfectly fine. I also see XML in the POST >> request. Is this a shot of Fiddler? Where is the problem? >> >> - -chris >> -----BEGIN PGP SIGNATURE----- >> Comment: GPGTools - http://gpgtools.org >> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ >> >> iQIcBAEBCAAGBQJXfW3LAAoJEBzwKT+lPKRYGsMP/3h+wQNIHoC/95G0VxQY75Kh >> ClI+ny5Z5NeyVsA8iCrZ1rIr/fBEzE/nnHWlX16yPhkaCBQ8PwJ+i2MV11rYArU9 >> yUIhL2xyAxVAqyBUZGrNidzz6gydvJd2MPNGrtHg6shaIA7XtflX9gMUV16J+3m+ >> 7VC+E+lLBwOEcrYbpxJNni36Cn4QQ6f6sHMgLKsbGZZ6PSl7MGVPts6oz6SUkt6T >> rwwPF6QLuovnndWlqt9HDaJtTD9/a9emSZgXKPQYACp8poSZ8xM7SxPn9f1XnX6l >> iyOEc9RYJ3bvKocC8iMKCpSn41/XAGpiS3dwpYbNrN15sd2emRze2seDfJVI4Xtm >> 1d7GRqXUadjCjq/PzDSihrFjHBU+6+7BKd/hdqn6raci6HbtQPizkUTkPDWPXUTg >> T9Y7TOvi9zZNro9jLxErluN/A/niY8so53DFqT2kxV9wr2COf3dRu8UTyFM/4Mul >> 6bcGpno5CjvpfwVltlB8BTwRUctGEWe3kYcUfUBOTMNFFAMUYq+/4saL/gOATD8P >> LMcNXqbkex5fPrARU+vGgQvanFGeZMR7w9UXJbd9ACEWJUgRAnr18/5RtbVzWVjO >> gd4uPaLFgyFV573Hpe4Luzg7OngDu7BXZqThKXXaiG4cZSKmdjyjJVb4709GMOWc >> ARZb7MipIot/KGBBJhNd >> =bPg7 >> -----END PGP SIGNATURE----- >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org