Re: Strange connection error

Mark Thomas Fri, 11 Jun 2021 13:59:46 -0700

On 11/06/2021 21:01, Mark A. Claassen wrote:

RESOLVED.  (Sort of,  I have questions)
I had to add a -TLSv1.3
        protocols="all -SSLv3 -TLSv1 -TLSv1.3"


https://stackoverflow.com/questions/57601284/java-11-and-12-ssl-sockets-fail-on-a-handshake-failure-error-with-tlsv1-3-enable

Why does the version of Tomcat matter?  I thought OpenSSL was managing all this.
Where is the line between all them?


OpenSSL only does what it is told.

From the 9.0.x changelog

9.0.13
...

Add TLS 1.3 support for the APR/Native connector and the NIO/NIO2connector when using the OpenSSL backed JSSE implementation.

...

Mark


Thanks,

Mark Claassen
Senior Software Engineer

Donnell Systems, Inc.
130 South Main Street
Leighton Plaza Suite 375
South Bend, IN  46601
E-mail: mailto:mclaas...@ocie.net
Voice: (574)232-3784
Fax: (574)232-4014

-------------------------------------------

Confidentiality Notice: OCIESERVICE
-------------------------------------------
The contents of this e-mail message and any attachments are intended solely for 
the addressee(s) named in this message. This communication is intended to be 
and to remain confidential. If you are not the intended recipient of this 
message, or if this message has been addressed to you in error, please 
immediately alert the sender by reply e-mail and then delete this message and 
its attachments. Do not deliver, distribute, copy, disclose the contents or 
take any action in reliance upon the information contained in the communication 
or any attachments.


-----Original Message-----
From: Mark A. Claassen <mclaas...@ocie.net>
Sent: Friday, June 11, 2021 3:42 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: RE: Strange connection error

I have tried so many things, I am getting a bit confused. :)

The exception was probably using the NIO connector.  With the APR one I get:
FINER: Destroying socket [140,404,292,849,904] java.lang.Exception
         at 
org.apache.tomcat.util.net.AprEndpoint.destroySocketInternal(AprEndpoint.java:750)
         at 
org.apache.tomcat.util.net.AprEndpoint.access$200(AprEndpoint.java:80)
         at org.apache.tomcat.util.net.AprEndpoint$P

Mark Claassen
Senior Software Engineer

Donnell Systems, Inc.
130 South Main Street
Leighton Plaza Suite 375
South Bend, IN  46601
E-mail: mailto:mclaas...@ocie.net
Voice: (574)232-3784
Fax: (574)232-4014

-------------------------------------------

Confidentiality Notice: OCIESERVICE
-------------------------------------------
The contents of this e-mail message and any attachments are intended solely for 
the addressee(s) named in this message. This communication is intended to be 
and to remain confidential. If you are not the intended recipient of this 
message, or if this message has been addressed to you in error, please 
immediately alert the sender by reply e-mail and then delete this message and 
its attachments. Do not deliver, distribute, copy, disclose the contents or 
take any action in reliance upon the information contained in the communication 
or any attachments.


-----Original Message-----
From: Mark A. Claassen <mclaas...@ocie.net>
Sent: Friday, June 11, 2021 3:27 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Strange connection error

I turned all the logging to .FINEST, re-enabled the HTTP APR connector (which 
produces the odd access log entry) and got this exception.  Now, I just need to 
figure out what caused this.

java.io.EOFException
         at 
org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper.fillReadBuffer(NioEndpoint.java:1345)
         at 
org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper.read(NioEndpoint.java:1255)
         at 
org.apache.coyote.http11.Http11InputBuffer.fill(Http11InputBuffer.java:799)
         at 
org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:359)
         at 
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:261)
         at 
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
         at 
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893)
         at 
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1707)
         at 
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
         at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
         at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
         at 
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
         at java.lang.Thread.run(Thread.java:748)


Also, I am not sure why OpenSSL is complaining about the keys when it did not 
with the earlier version of Tomcat?

Jun 11, 2021 3:13:34 PM org.apache.tomcat.util.net.openssl.OpenSSLEngine 
getLastError
FINE: OpenSSL error: [336462231] message: [error:140E0197:SSL 
routines:SSL_shutdown:shutdown while in init] Jun 11, 2021 3:13:34 PM 
org.apache.tomcat.util.net.openssl.OpenSSLEngine getLastError
FINE: OpenSSL error: [337604709] message: [error:141F7065:SSL 
routines:final_key_share:no suitable key share]


Mark Claassen
Senior Software Engineer

Donnell Systems, Inc.
130 South Main Street
Leighton Plaza Suite 375
South Bend, IN  46601
E-mail: mailto:mclaas...@ocie.net
Voice: (574)232-3784
Fax: (574)232-4014

-------------------------------------------

Confidentiality Notice: OCIESERVICE
-------------------------------------------
The contents of this e-mail message and any attachments are intended solely for 
the addressee(s) named in this message. This communication is intended to be 
and to remain confidential. If you are not the intended recipient of this 
message, or if this message has been addressed to you in error, please 
immediately alert the sender by reply e-mail and then delete this message and 
its attachments. Do not deliver, distribute, copy, disclose the contents or 
take any action in reliance upon the information contained in the communication 
or any attachments.


-----Original Message-----
From: calder <calder....@gmail.com>
Sent: Thursday, June 10, 2021 7:36 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: [Possible Spam] Re: Strange connection error
Importance: Low

On Thu, Jun 10, 2021, 15:11 Mark A. Claassen <mclaas...@ocie.net> wrote:

Anyway, I will do some research on the debugging technique mentioned
earlier.



https://support.f5.com/csp/article/K50557518


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

B KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKCB  [  
X  ܚX KK[XZ[
  \ \  ][  X  ܚX P X ]
  \X K ܙ B  ܈Y][ۘ[  [X[  K[XZ[
  \ \  Z[ X ]
  \X K ܙ B

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Strange connection error

Reply via email to