Re: Strange connection error
On Thu, Jun 10, 2021, 15:11 Mark A. Claassen wrote: > Anyway, I will do some research on the debugging technique mentioned > earlier. > https://support.f5.com/csp/article/K50557518 >
RE: Strange connection error
> "useAprConnector [false], useOpenSSL [true]" I looked at an old server and it said the same, so this is probably not related to my problem. Mark Claassen Senior Software Engineer Donnell Systems, Inc. 130 South Main Street Leighton Plaza Suite 375 South Bend, IN 46601 E-mail: mailto:mclaas...@ocie.net Voice: (574)232-3784 Fax: (574)232-4014 --- Confidentiality Notice: OCIESERVICE --- The contents of this e-mail message and any attachments are intended solely for the addressee(s) named in this message. This communication is intended to be and to remain confidential. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message and its attachments. Do not deliver, distribute, copy, disclose the contents or take any action in reliance upon the information contained in the communication or any attachments. -Original Message- From: Mark A. Claassen Sent: Thursday, June 10, 2021 4:46 PM To: Tomcat Users List Subject: RE: Strange connection error I am still trying to figure out the debugging, but I did see that, going through the reverse proxy and direct, it is using TLS1.2. From wireshark (no debugging) Going through the reverse proxy, there is a ClientHello, two ACK, and then a ServerHello Going direct, I get the ClientHello and two ACK, but no ServerHello. The forth message there is the error response. I am still confused as to why any of this is changed since I am using OpenSSL. Unless the problem is from: "useAprConnector [false], useOpenSSL [true]" Mark Claassen Senior Software Engineer Donnell Systems, Inc. 130 South Main Street Leighton Plaza Suite 375 South Bend, IN 46601 E-mail: mailto:mclaas...@ocie.net Voice: (574)232-3784 Fax: (574)232-4014 --- Confidentiality Notice: OCIESERVICE --- The contents of this e-mail message and any attachments are intended solely for the addressee(s) named in this message. This communication is intended to be and to remain confidential. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message and its attachments. Do not deliver, distribute, copy, disclose the contents or take any action in reliance upon the information contained in the communication or any attachments. -Original Message- From: Mark A. Claassen Sent: Thursday, June 10, 2021 4:11 PM To: Tomcat Users List Subject: RE: Strange connection error Here is what I get in catalina.out now. Hopefully this is all correct. I am a bit confused by "useAprConnector [false], useOpenSSL [true]" Anyway, I will do some research on the debugging technique mentioned earlier. -- Jun 10, 2021 4:05:42 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent INFO: Loaded Apache Tomcat Native library [1.2.28] using APR version [1.6.3]. Jun 10, 2021 4:05:42 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. Jun 10, 2021 4:05:42 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent INFO: APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true] Jun 10, 2021 4:05:42 PM org.apache.catalina.core.AprLifecycleListener initializeSSL INFO: OpenSSL successfully initialized [OpenSSL 1.1.1 11 Sep 2018] Jun 10, 2021 4:05:42 PM org.apache.coyote.http11.AbstractHttp11Protocol configureUpgradeProtocol INFO: The ["http-apr-127.0.0.1-8608"] connector has been configured to support HTTP upgrade to [h2c] Mark Claassen Senior Software Engineer Donnell Systems, Inc. 130 South Main Street Leighton Plaza Suite 375 South Bend, IN 46601 E-mail: mailto:mclaas...@ocie.net Voice: (574)232-3784 Fax: (574)232-4014 Disclaimer: The opinions provided herein do not necessarily state or reflect those of Donnell Systems, Inc.(DSI). DSI makes no warranty for and assumes no legal liability or responsibility for the posting. -Original Message- From: Mark A. Claassen Sent: Thursday, June 10, 2021 2:41 PM To: Tomcat Users List Subject: Re: Strange connection error Thanks for the tip. To be honest, I am not exactly sure how to set that up, but since it involves the rebuilding of the native libraries, I will start with that. Maybe that alone will solve the issue. If not, I will try to figure out how to debug all this. If I get stuck, I will post another message. I will also post a message when this is solved, in case anyone else encounters similar behavior. Thanks again, - Mark Claassen Senior Software Engineer Donnell Systems, Inc. 130 South Main Street Leighton Plaza Suite 375 South Bend, IN 46601
RE: Strange connection error
I am still trying to figure out the debugging, but I did see that, going through the reverse proxy and direct, it is using TLS1.2. From wireshark (no debugging) Going through the reverse proxy, there is a ClientHello, two ACK, and then a ServerHello Going direct, I get the ClientHello and two ACK, but no ServerHello. The forth message there is the error response. I am still confused as to why any of this is changed since I am using OpenSSL. Unless the problem is from: "useAprConnector [false], useOpenSSL [true]" Mark Claassen Senior Software Engineer Donnell Systems, Inc. 130 South Main Street Leighton Plaza Suite 375 South Bend, IN 46601 E-mail: mailto:mclaas...@ocie.net Voice: (574)232-3784 Fax: (574)232-4014 --- Confidentiality Notice: OCIESERVICE --- The contents of this e-mail message and any attachments are intended solely for the addressee(s) named in this message. This communication is intended to be and to remain confidential. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message and its attachments. Do not deliver, distribute, copy, disclose the contents or take any action in reliance upon the information contained in the communication or any attachments. -Original Message- From: Mark A. Claassen Sent: Thursday, June 10, 2021 4:11 PM To: Tomcat Users List Subject: RE: Strange connection error Here is what I get in catalina.out now. Hopefully this is all correct. I am a bit confused by "useAprConnector [false], useOpenSSL [true]" Anyway, I will do some research on the debugging technique mentioned earlier. -- Jun 10, 2021 4:05:42 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent INFO: Loaded Apache Tomcat Native library [1.2.28] using APR version [1.6.3]. Jun 10, 2021 4:05:42 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. Jun 10, 2021 4:05:42 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent INFO: APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true] Jun 10, 2021 4:05:42 PM org.apache.catalina.core.AprLifecycleListener initializeSSL INFO: OpenSSL successfully initialized [OpenSSL 1.1.1 11 Sep 2018] Jun 10, 2021 4:05:42 PM org.apache.coyote.http11.AbstractHttp11Protocol configureUpgradeProtocol INFO: The ["http-apr-127.0.0.1-8608"] connector has been configured to support HTTP upgrade to [h2c] Mark Claassen Senior Software Engineer Donnell Systems, Inc. 130 South Main Street Leighton Plaza Suite 375 South Bend, IN 46601 E-mail: mailto:mclaas...@ocie.net Voice: (574)232-3784 Fax: (574)232-4014 Disclaimer: The opinions provided herein do not necessarily state or reflect those of Donnell Systems, Inc.(DSI). DSI makes no warranty for and assumes no legal liability or responsibility for the posting. -Original Message- From: Mark A. Claassen Sent: Thursday, June 10, 2021 2:41 PM To: Tomcat Users List Subject: Re: Strange connection error Thanks for the tip. To be honest, I am not exactly sure how to set that up, but since it involves the rebuilding of the native libraries, I will start with that. Maybe that alone will solve the issue. If not, I will try to figure out how to debug all this. If I get stuck, I will post another message. I will also post a message when this is solved, in case anyone else encounters similar behavior. Thanks again, - Mark Claassen Senior Software Engineer Donnell Systems, Inc. 130 South Main Street Leighton Plaza Suite 375 South Bend, IN 46601 E-mail: mailto:mclaas...@ocie.net Voice: (574)232-3784 Fax: (574)232-4014 --- Confidentiality Notice: OCIESERVICE --- The contents of this e-mail message and any attachments are intended solely for the addressee(s) named in this message. This communication is intended to be and to remain confidential. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message and its attachments. Do not deliver, distribute, copy, disclose the contents or take any action in reliance upon the information contained in the communication or any attachments. -Original Message- From: Mark Thomas Sent: Thursday, June 10, 2021 2:01 PM To: users@tomcat.apache.org Subject: [Possible Spam] Re: Strange connection error Importance: Low On 10/06/2021 18:11, Mark A. Claassen wrote: > Thanks for the reply. > > Is doesn't seem like OpenSSL is rejecting the connection. I would have > thought that if OpenSSL would have rejected the connection, it would not hit > even hit the
RE: Strange connection error
Here is what I get in catalina.out now. Hopefully this is all correct. I am a bit confused by "useAprConnector [false], useOpenSSL [true]" Anyway, I will do some research on the debugging technique mentioned earlier. -- Jun 10, 2021 4:05:42 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent INFO: Loaded Apache Tomcat Native library [1.2.28] using APR version [1.6.3]. Jun 10, 2021 4:05:42 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. Jun 10, 2021 4:05:42 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent INFO: APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true] Jun 10, 2021 4:05:42 PM org.apache.catalina.core.AprLifecycleListener initializeSSL INFO: OpenSSL successfully initialized [OpenSSL 1.1.1 11 Sep 2018] Jun 10, 2021 4:05:42 PM org.apache.coyote.http11.AbstractHttp11Protocol configureUpgradeProtocol INFO: The ["http-apr-127.0.0.1-8608"] connector has been configured to support HTTP upgrade to [h2c] Mark Claassen Senior Software Engineer Donnell Systems, Inc. 130 South Main Street Leighton Plaza Suite 375 South Bend, IN 46601 E-mail: mailto:mclaas...@ocie.net Voice: (574)232-3784 Fax: (574)232-4014 Disclaimer: The opinions provided herein do not necessarily state or reflect those of Donnell Systems, Inc.(DSI). DSI makes no warranty for and assumes no legal liability or responsibility for the posting. -Original Message- From: Mark A. Claassen Sent: Thursday, June 10, 2021 2:41 PM To: Tomcat Users List Subject: Re: Strange connection error Thanks for the tip. To be honest, I am not exactly sure how to set that up, but since it involves the rebuilding of the native libraries, I will start with that. Maybe that alone will solve the issue. If not, I will try to figure out how to debug all this. If I get stuck, I will post another message. I will also post a message when this is solved, in case anyone else encounters similar behavior. Thanks again, - Mark Claassen Senior Software Engineer Donnell Systems, Inc. 130 South Main Street Leighton Plaza Suite 375 South Bend, IN 46601 E-mail: mailto:mclaas...@ocie.net Voice: (574)232-3784 Fax: (574)232-4014 --- Confidentiality Notice: OCIESERVICE --- The contents of this e-mail message and any attachments are intended solely for the addressee(s) named in this message. This communication is intended to be and to remain confidential. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message and its attachments. Do not deliver, distribute, copy, disclose the contents or take any action in reliance upon the information contained in the communication or any attachments. -Original Message- From: Mark Thomas Sent: Thursday, June 10, 2021 2:01 PM To: users@tomcat.apache.org Subject: [Possible Spam] Re: Strange connection error Importance: Low On 10/06/2021 18:11, Mark A. Claassen wrote: > Thanks for the reply. > > Is doesn't seem like OpenSSL is rejecting the connection. I would have > thought that if OpenSSL would have rejected the connection, it would not hit > even hit the access log. Maybe that is not the case. > > But, to answer your question, we did not upgrade the version of Java. We are > using 1.8.0_265 on the server. The Java client did not change either. Try using Wireshark with SSLKEYLOGFILE to look at the decrypted version. You'll get a lot more info about what is going on. I think you'll need to update Tomcat Native to do that though. I don't think Java supports that env variable. Mark > > > > Mark Claassen > Senior Software Engineer > > Donnell Systems, Inc. > 130 South Main Street > Leighton Plaza Suite 375 > South Bend, IN 46601 > E-mail: mailto:mclaas...@ocie.net > Voice: (574)232-3784 > Fax: (574)232-4014 > > Disclaimer: > The opinions provided herein do not necessarily state or reflect those > of Donnell Systems, Inc.(DSI). DSI makes no warranty for and assumes > no legal liability or responsibility for the posting. > > > -Original Message- > From: jonmcalexan...@wellsfargo.com.INVALID > > Sent: Thursday, June 10, 2021 12:02 PM > To: users@tomcat.apache.org > Subject: [Possible Spam] RE: Strange connection error > Importance: Low > > Is it a cypher issue? (noting the handshake issue). Did you also upgrade the > Java at the same time? > > Dream * Excel * Explore * Inspire > Jon McAlexander > Infrastructure Engineer > Asst Vice President > > Middleware Product Engineering > Enterprise CIO | Platform Services | Middleware | Infrastructure > Solutions > > 8080 Cobblestone Rd | Urbandale, IA 50322 > MAC: F4469-010 > Tel 515-988-2508 | Cell 515-988-2508 > >
Re: Strange connection error
Thanks for the tip. To be honest, I am not exactly sure how to set that up, but since it involves the rebuilding of the native libraries, I will start with that. Maybe that alone will solve the issue. If not, I will try to figure out how to debug all this. If I get stuck, I will post another message. I will also post a message when this is solved, in case anyone else encounters similar behavior. Thanks again, - Mark Claassen Senior Software Engineer Donnell Systems, Inc. 130 South Main Street Leighton Plaza Suite 375 South Bend, IN 46601 E-mail: mailto:mclaas...@ocie.net Voice: (574)232-3784 Fax: (574)232-4014 --- Confidentiality Notice: OCIESERVICE --- The contents of this e-mail message and any attachments are intended solely for the addressee(s) named in this message. This communication is intended to be and to remain confidential. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message and its attachments. Do not deliver, distribute, copy, disclose the contents or take any action in reliance upon the information contained in the communication or any attachments. -Original Message- From: Mark Thomas Sent: Thursday, June 10, 2021 2:01 PM To: users@tomcat.apache.org Subject: [Possible Spam] Re: Strange connection error Importance: Low On 10/06/2021 18:11, Mark A. Claassen wrote: > Thanks for the reply. > > Is doesn't seem like OpenSSL is rejecting the connection. I would have > thought that if OpenSSL would have rejected the connection, it would not hit > even hit the access log. Maybe that is not the case. > > But, to answer your question, we did not upgrade the version of Java. We are > using 1.8.0_265 on the server. The Java client did not change either. Try using Wireshark with SSLKEYLOGFILE to look at the decrypted version. You'll get a lot more info about what is going on. I think you'll need to update Tomcat Native to do that though. I don't think Java supports that env variable. Mark > > > > Mark Claassen > Senior Software Engineer > > Donnell Systems, Inc. > 130 South Main Street > Leighton Plaza Suite 375 > South Bend, IN 46601 > E-mail: mailto:mclaas...@ocie.net > Voice: (574)232-3784 > Fax: (574)232-4014 > > Disclaimer: > The opinions provided herein do not necessarily state or reflect those > of Donnell Systems, Inc.(DSI). DSI makes no warranty for and assumes > no legal liability or responsibility for the posting. > > > -Original Message- > From: jonmcalexan...@wellsfargo.com.INVALID > > Sent: Thursday, June 10, 2021 12:02 PM > To: users@tomcat.apache.org > Subject: [Possible Spam] RE: Strange connection error > Importance: Low > > Is it a cypher issue? (noting the handshake issue). Did you also upgrade the > Java at the same time? > > Dream * Excel * Explore * Inspire > Jon McAlexander > Infrastructure Engineer > Asst Vice President > > Middleware Product Engineering > Enterprise CIO | Platform Services | Middleware | Infrastructure > Solutions > > 8080 Cobblestone Rd | Urbandale, IA 50322 > MAC: F4469-010 > Tel 515-988-2508 | Cell 515-988-2508 > > jonmcalexan...@wellsfargo.com > > Upcoming PTO: 10/30/2020, 11/6/2020, 11/13/2020, 11/20/2020, 11/27/2020, > 12/2/2020, 12/4/2020, 12/11/2020, 12/18/2020, 12/28/2020, 12/29/2020, > 12/30/2020, 12/31/2020 This message may contain confidential and/or > privileged information. If you are not the addressee or authorized to receive > this for the addressee, you must not use, copy, disclose, or take any action > based on this message or any information herein. If you have received this > message in error, please advise the sender immediately by reply e-mail and > delete this message. Thank you for your cooperation. > > >> -Original Message- >> From: Mark A. Claassen >> Sent: Thursday, June 10, 2021 10:38 AM >> To: users@tomcat.apache.org >> Subject: Strange connection error >> >> I just upgraded from 9.0.12 to 9.0.46. Everything seemed to go >> pretty smoothly, but I am getting a strange connection error from >> certain connections >> >> We have several different things that connect to the webserver. >> Browsers connect fine. We have a monitoring script in Perl that >> works fine. However, a Java program, which worked fine under the old >> version of tomcat, can no longer connect. >> >> The access log prints out very odd information. Right now it is configured >> as: >> pattern="%{-MM-dd HH:mm:ss}t %H %h %m %U >> %q STATUS(%s) BYTES(%b) %{User-Agent}i >> %{Referer}i& quot; %I"/> >> >> However the output for this failed connection is: >> 2021-06-10 11:21:19 null [[Actual IP address]] null "null" "" >> STATUS(400) BYTES(-) "-" "-" null All other connections show in the >> access log as I would expect.
Re: Strange connection error
On 10/06/2021 18:11, Mark A. Claassen wrote: Thanks for the reply. Is doesn't seem like OpenSSL is rejecting the connection. I would have thought that if OpenSSL would have rejected the connection, it would not hit even hit the access log. Maybe that is not the case. But, to answer your question, we did not upgrade the version of Java. We are using 1.8.0_265 on the server. The Java client did not change either. Try using Wireshark with SSLKEYLOGFILE to look at the decrypted version. You'll get a lot more info about what is going on. I think you'll need to update Tomcat Native to do that though. I don't think Java supports that env variable. Mark Mark Claassen Senior Software Engineer Donnell Systems, Inc. 130 South Main Street Leighton Plaza Suite 375 South Bend, IN 46601 E-mail: mailto:mclaas...@ocie.net Voice: (574)232-3784 Fax: (574)232-4014 Disclaimer: The opinions provided herein do not necessarily state or reflect those of Donnell Systems, Inc.(DSI). DSI makes no warranty for and assumes no legal liability or responsibility for the posting. -Original Message- From: jonmcalexan...@wellsfargo.com.INVALID Sent: Thursday, June 10, 2021 12:02 PM To: users@tomcat.apache.org Subject: [Possible Spam] RE: Strange connection error Importance: Low Is it a cypher issue? (noting the handshake issue). Did you also upgrade the Java at the same time? Dream * Excel * Explore * Inspire Jon McAlexander Infrastructure Engineer Asst Vice President Middleware Product Engineering Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions 8080 Cobblestone Rd | Urbandale, IA 50322 MAC: F4469-010 Tel 515-988-2508 | Cell 515-988-2508 jonmcalexan...@wellsfargo.com Upcoming PTO: 10/30/2020, 11/6/2020, 11/13/2020, 11/20/2020, 11/27/2020, 12/2/2020, 12/4/2020, 12/11/2020, 12/18/2020, 12/28/2020, 12/29/2020, 12/30/2020, 12/31/2020 This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. -Original Message- From: Mark A. Claassen Sent: Thursday, June 10, 2021 10:38 AM To: users@tomcat.apache.org Subject: Strange connection error I just upgraded from 9.0.12 to 9.0.46. Everything seemed to go pretty smoothly, but I am getting a strange connection error from certain connections We have several different things that connect to the webserver. Browsers connect fine. We have a monitoring script in Perl that works fine. However, a Java program, which worked fine under the old version of tomcat, can no longer connect. The access log prints out very odd information. Right now it is configured as: pattern="%{-MM-dd HH:mm:ss}t %H %h %m %U %q STATUS(%s) BYTES(%b) %{User-Agent}i %{Referer}i& quot; %I"/> However the output for this failed connection is: 2021-06-10 11:21:19 null [[Actual IP address]] null "null" "" STATUS(400) BYTES(-) "-" "-" null All other connections show in the access log as I would expect. Does anyone have any idea what is going on here? - Extra Information: - I am using the APR connector and OpenSSL. - I did not recompile any of the native libraries; they are still using the ones from 9.0.12. - We have an Apache webserver we use as a reverse proxy. When connecting through that, things work. - Wireshark has this to say about the failure: TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Handshake Failure) Content Type: Alert (21) Length: 2 Alert Message Level: Fatal (2) Description: Handshake Failure (40) Thanks for your time, Mark --- Mark Claassen Senior Software Engineer Donnell Systems, Inc. 130 South Main Street Leighton Plaza Suite 375 South Bend, IN 46601 E-mail: mailto:mclaas...@ocie.net Voice: (574)232-3784 Fax: (574)232-4014 Disclaimer: The opinions provided herein do not necessarily state or reflect those of Donnell Systems, Inc.(DSI). DSI makes no warranty for and assumes no legal liability or responsibility for the posting. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Strange connection error
Thanks for the reply. Is doesn't seem like OpenSSL is rejecting the connection. I would have thought that if OpenSSL would have rejected the connection, it would not hit even hit the access log. Maybe that is not the case. But, to answer your question, we did not upgrade the version of Java. We are using 1.8.0_265 on the server. The Java client did not change either. Mark Claassen Senior Software Engineer Donnell Systems, Inc. 130 South Main Street Leighton Plaza Suite 375 South Bend, IN 46601 E-mail: mailto:mclaas...@ocie.net Voice: (574)232-3784 Fax: (574)232-4014 Disclaimer: The opinions provided herein do not necessarily state or reflect those of Donnell Systems, Inc.(DSI). DSI makes no warranty for and assumes no legal liability or responsibility for the posting. -Original Message- From: jonmcalexan...@wellsfargo.com.INVALID Sent: Thursday, June 10, 2021 12:02 PM To: users@tomcat.apache.org Subject: [Possible Spam] RE: Strange connection error Importance: Low Is it a cypher issue? (noting the handshake issue). Did you also upgrade the Java at the same time? Dream * Excel * Explore * Inspire Jon McAlexander Infrastructure Engineer Asst Vice President Middleware Product Engineering Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions 8080 Cobblestone Rd | Urbandale, IA 50322 MAC: F4469-010 Tel 515-988-2508 | Cell 515-988-2508 jonmcalexan...@wellsfargo.com Upcoming PTO: 10/30/2020, 11/6/2020, 11/13/2020, 11/20/2020, 11/27/2020, 12/2/2020, 12/4/2020, 12/11/2020, 12/18/2020, 12/28/2020, 12/29/2020, 12/30/2020, 12/31/2020 This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. > -Original Message- > From: Mark A. Claassen > Sent: Thursday, June 10, 2021 10:38 AM > To: users@tomcat.apache.org > Subject: Strange connection error > > I just upgraded from 9.0.12 to 9.0.46. Everything seemed to go pretty > smoothly, but I am getting a strange connection error from certain > connections > > We have several different things that connect to the webserver. > Browsers connect fine. We have a monitoring script in Perl that works > fine. However, a Java program, which worked fine under the old > version of tomcat, can no longer connect. > > The access log prints out very odd information. Right now it is configured > as: > pattern="%{-MM-dd HH:mm:ss}t %H %h %m %U > %q STATUS(%s) BYTES(%b) %{User-Agent}i > %{Referer}i& quot; %I"/> > > However the output for this failed connection is: > 2021-06-10 11:21:19 null [[Actual IP address]] null "null" "" > STATUS(400) BYTES(-) "-" "-" null All other connections show in the > access log as I would expect. > > Does anyone have any idea what is going on here? > - > Extra Information: > - I am using the APR connector and OpenSSL. > - I did not recompile any of the native libraries; they are still > using the ones from 9.0.12. > - We have an Apache webserver we use as a reverse proxy. When > connecting through that, things work. > > - Wireshark has this to say about the failure: > > TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Handshake > Failure) > Content Type: Alert (21) > Length: 2 > Alert Message > Level: Fatal (2) > Description: Handshake Failure (40) Thanks for your > time, Mark > > --- > Mark Claassen > Senior Software Engineer > > Donnell Systems, Inc. > 130 South Main Street > Leighton Plaza Suite 375 > South Bend, IN 46601 > E-mail: mailto:mclaas...@ocie.net > Voice: (574)232-3784 > Fax: (574)232-4014 > > Disclaimer: > The opinions provided herein do not necessarily state or reflect those > of Donnell Systems, Inc.(DSI). DSI makes no warranty for and assumes > no legal liability or responsibility for the posting. > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: client write waits on postgresql RDS
Ayub, On 6/10/21 01:10, Ayub Khan wrote: Seeing client write waits on postgresql as attached in the image. Image attachments are removed from this list. Please use text to describe what's happening. Is there any bottle neck which is causing the client write waits on postgresql? Sounds like a question for PostgreSQL. Below is the test setup Jmeter-->(load balanced tomcat on ec2 instances)>rds read replicas All these are running on different ec2 instances in AWS cloud in the same region below is the config of the http connector on tomcat: connectionTimeout="12" maxThreads="5" maxConnections="5" URIEncoding="UTF-8" redirectPort="8443" /> That's a LOT of threads. Below are the specs of the server: Ec2 instance which is running tomcat 8.5 c5.9x large 36 vpcu 72GB memory 10GBPS network EBS band width 9500 That's a lot of CPUs. I'm curious as to what you're doing with all that. postgresql RDS db.r6g.16xlarge 512 GB memory 64 VCPU 25 Gibs network AWS Gravitron cpu -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Strange connection error
Is it a cypher issue? (noting the handshake issue). Did you also upgrade the Java at the same time? Dream * Excel * Explore * Inspire Jon McAlexander Infrastructure Engineer Asst Vice President Middleware Product Engineering Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions 8080 Cobblestone Rd | Urbandale, IA 50322 MAC: F4469-010 Tel 515-988-2508 | Cell 515-988-2508 jonmcalexan...@wellsfargo.com Upcoming PTO: 10/30/2020, 11/6/2020, 11/13/2020, 11/20/2020, 11/27/2020, 12/2/2020, 12/4/2020, 12/11/2020, 12/18/2020, 12/28/2020, 12/29/2020, 12/30/2020, 12/31/2020 This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. > -Original Message- > From: Mark A. Claassen > Sent: Thursday, June 10, 2021 10:38 AM > To: users@tomcat.apache.org > Subject: Strange connection error > > I just upgraded from 9.0.12 to 9.0.46. Everything seemed to go pretty > smoothly, but I am getting a strange connection error from certain > connections > > We have several different things that connect to the webserver. Browsers > connect fine. We have a monitoring script in Perl that works fine. However, > a Java program, which worked fine under the old version of tomcat, can no > longer connect. > > The access log prints out very odd information. Right now it is configured > as: > pattern="%{-MM-dd HH:mm:ss}t %H %h %m %U > %q STATUS(%s) BYTES(%b) %{User-Agent}i > %{Referer}i& quot; %I"/> > > However the output for this failed connection is: > 2021-06-10 11:21:19 null [[Actual IP address]] null "null" "" > STATUS(400) BYTES(-) "-" "-" null All other connections show in the access log > as I would expect. > > Does anyone have any idea what is going on here? > - > Extra Information: > - I am using the APR connector and OpenSSL. > - I did not recompile any of the native libraries; they are still using the > ones > from 9.0.12. > - We have an Apache webserver we use as a reverse proxy. When > connecting through that, things work. > > - Wireshark has this to say about the failure: > > TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Handshake > Failure) > Content Type: Alert (21) > Length: 2 > Alert Message > Level: Fatal (2) > Description: Handshake Failure (40) > Thanks for your time, > Mark > > --- > Mark Claassen > Senior Software Engineer > > Donnell Systems, Inc. > 130 South Main Street > Leighton Plaza Suite 375 > South Bend, IN 46601 > E-mail: mailto:mclaas...@ocie.net > Voice: (574)232-3784 > Fax: (574)232-4014 > > Disclaimer: > The opinions provided herein do not necessarily state or reflect those of > Donnell Systems, Inc.(DSI). DSI makes no warranty for and assumes no legal > liability or responsibility for the posting. > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Strange connection error
I just upgraded from 9.0.12 to 9.0.46. Everything seemed to go pretty smoothly, but I am getting a strange connection error from certain connections We have several different things that connect to the webserver. Browsers connect fine. We have a monitoring script in Perl that works fine. However, a Java program, which worked fine under the old version of tomcat, can no longer connect. The access log prints out very odd information. Right now it is configured as: pattern="%{-MM-dd HH:mm:ss}t %H %h %m %U %q STATUS(%s) BYTES(%b) %{User-Agent}i %{Referer}i& quot; %I"/> However the output for this failed connection is: 2021-06-10 11:21:19 null [[Actual IP address]] null "null" "" STATUS(400) BYTES(-) "-" "-" null All other connections show in the access log as I would expect. Does anyone have any idea what is going on here? - Extra Information: - I am using the APR connector and OpenSSL. - I did not recompile any of the native libraries; they are still using the ones from 9.0.12. - We have an Apache webserver we use as a reverse proxy. When connecting through that, things work. - Wireshark has this to say about the failure: TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Handshake Failure) Content Type: Alert (21) Length: 2 Alert Message Level: Fatal (2) Description: Handshake Failure (40) Thanks for your time, Mark --- Mark Claassen Senior Software Engineer Donnell Systems, Inc. 130 South Main Street Leighton Plaza Suite 375 South Bend, IN 46601 E-mail: mailto:mclaas...@ocie.net Voice: (574)232-3784 Fax: (574)232-4014 Disclaimer: The opinions provided herein do not necessarily state or reflect those of Donnell Systems, Inc.(DSI). DSI makes no warranty for and assumes no legal liability or responsibility for the posting. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Need help on ssl handshake logging for audit purpose
On 10/06/2021 12:40, Ragavendhiran Bhiman (rabhiman) wrote: Any help please? Exact JDK name and version? Mark From: Ragavendhiran Bhiman (rabhiman) Date: Wednesday, 9 June 2021 at 7:37 PM To: Tomcat Users List Subject: Re: Need help on ssl handshake logging for audit purpose Hi John I am getting the output like this 10966181161114832473721710433823523866273491920411012289522541835156 0451112281652151321572412101201618710026238431618119549401121401171233324158 42501341314694224184221573623625026123232102239748963162282031315479568415410816714824988456515811161712381042357237101163207528011232191246200181691271811772110: A8 3C 2E B6 4E DD 31 26 AB F1 06 00 8C 2E E8 4F .<..N.1&...O 0010: D4 92 83 35 E1 DA 1D E7 A1 C8 CB E5 5A 2E DB FA ...5Z... : 60 C0 4A 1A 6D 42 B5 A1 72 53 F7 25 D9 68 03 26 `.J.mB..rS.%.h.& 0010: EB EE 42 1B 03 31 13 CC 6E 7A 59 34 FE B7 05 9C ..B..1..nzY4 : 22 70 51 FA 2D 6F E4 A5 D7 84 9D F1 D2 78 A1 57 "pQ.-o...x.W 0010: 64 1A EE 2B A1 51 C3 31 28 70 8C 75 7B 21 F1 3A d..+.Q.1(p.u.!.: : 83 04 6C 63 69 8A E8 0B F5 43 9E 05 0C 0A E8 16 ..lciC.. 0010: 96 93 E4 6A 87 13 F6 7D 0D 1D 20 08 27 31 82 27 ...j.. .'1.' 0020: 1B 8A F0 18 D2 DD 5E BB 0A DF A6 E2 14 81 E3 DC ..^. : 4A D4 E5 68 C2 63 F8 91 3D 76 B3 41 41 07 67 6D J..h.c..=v.AA.gm : 57 8A 27 73 2F B5 16 24 03 A3 21 37 D1 F4 29 32 W.'s/..$..!7..)2 : 4C B5 BB 4FL..O : B4 B7 59 3B..Y; 22618924724621010316224313810322810210322025425412734108751091578720586134212421861742242322282151444201162195251381361052262242071952223010517584 086134212421861742242322282151444201162195251381361052262242071952223010517584 050168210587015618110341164162418918160185202512541454715622811317821717232 050168210587015618110341164162418918160185202512541454715622811317821717232 017018119731266076432682421698238201241421872101374251165943619924771 017018119731266076432682421698238201241421872101374251165943619924771 0197513234491791511232391311646424511639144164531851431382451535291109105173 0197513234491791511232391311646424511639144164531851431382451535291109105173 0165273404544562229869431866751661420731628519075881212516497 0165273404544562229869431866751661420731628519075881212516497 0162215220131114313012964121735315431197818226189183158121672152730255135 0162215220131114313012964121735315431197818226189183158121672152730255135 0174251623522412132441636156193199643314391140113617521632383522891177 0174251623522412132441636156193199643314391140113617521632383522891177 016172153323923311721332236451412341979725524824323115820018920327155244 016172153323923311721332236451412341979725524824323115820018920327155244 02555162931826317721088252116103172112174681781811831591951062001732151285667 02555162931826317721088252116103172112174681781811831591951062001732151285667 02434513417921281596377905722819048352231781071546621230722431053615071 02434513417921281596377905722819048352231781071546621230722431053615071 0341744557183234171232141168229125938115013199142137050247921521265183188 0341744557183234171232141168229125938115013199142137050247921521265183188 013962213818324423661197416712420868203102001795024773201441213623025467 013962213818324423661197416712420868203102001795024773201441213623025467 02263295187184129931764824618134152429721124328179572171522446620714230247 02263295187184129931764824618134152429721124328179572171522446620714230247 025210871552362171396122248195434021117619979659286210176194770163241139 025210871552362171396122248195434021117619979659286210176194770163241139 028159162521301292351143532172061711341592073874203241142251185189489420 028159162521301292351143532172061711341592073874203241142251185189489420 03956222114828171171751315334156124240187685701262397019722317714025541 020363141169591622613713314615297431001152129929143100621753222047191159 : 60 C0 4A 36 03 5F 3E DD 94 1C AB AB 4B 83 35 22 `.J6._>.K.5" 0010: 9C 7C F0 BB 44 39 00 7E EF 46 C5 DF B1 8C FF 29 D9...F.) : 83 F1 8F 38 CB 3F 8D A9 3B A2 1A 89 85 92 98 61 ...8.?..;..a 0010: 2B 64 73 D4 63 1D 8F 64 3E 11 35 16 CC 47 5B 9F +ds.c..d>.5..G[. : FC 59 08 24 49 7F 24 E5 17 98 15 9C 6D 4D CF 34 .Y.$I.$.mM.4 0010: 45 C6 58 A9 45 5A 78 38 0D 4F 52 1A 65 43 B0 2C E.X.EZx8.OR.eC., 0020: 17 C4 B5 23 DE 57 15 60 2C 65 24 B6 2B 9A 31 AE ...#.W.`,e$.+.1. : CD F2 EE 3C 1C D1 1F 13 A5 EB AA 8A DA EF A2 09 ...< : 6F 30 03 F9 0E C4 79 F1 C8 2E E3 57 6F 90 26 C8 o0yWo.&. : 34 24 0E D74$.. : 2B D4 B7 01+... 18221835149659103228381331551575241147331031321291661321159 No client Hello messages etc., in the Catalina.out log. I tried to change the encoding but still the same issue. Thanks & Regards,
Re: Need help on ssl handshake logging for audit purpose
Any help please? From: Ragavendhiran Bhiman (rabhiman) Date: Wednesday, 9 June 2021 at 7:37 PM To: Tomcat Users List Subject: Re: Need help on ssl handshake logging for audit purpose Hi John I am getting the output like this 10966181161114832473721710433823523866273491920411012289522541835156 0451112281652151321572412101201618710026238431618119549401121401171233324158 42501341314694224184221573623625026123232102239748963162282031315479568415410816714824988456515811161712381042357237101163207528011232191246200181691271811772110: A8 3C 2E B6 4E DD 31 26 AB F1 06 00 8C 2E E8 4F .<..N.1&...O 0010: D4 92 83 35 E1 DA 1D E7 A1 C8 CB E5 5A 2E DB FA ...5Z... : 60 C0 4A 1A 6D 42 B5 A1 72 53 F7 25 D9 68 03 26 `.J.mB..rS.%.h.& 0010: EB EE 42 1B 03 31 13 CC 6E 7A 59 34 FE B7 05 9C ..B..1..nzY4 : 22 70 51 FA 2D 6F E4 A5 D7 84 9D F1 D2 78 A1 57 "pQ.-o...x.W 0010: 64 1A EE 2B A1 51 C3 31 28 70 8C 75 7B 21 F1 3A d..+.Q.1(p.u.!.: : 83 04 6C 63 69 8A E8 0B F5 43 9E 05 0C 0A E8 16 ..lciC.. 0010: 96 93 E4 6A 87 13 F6 7D 0D 1D 20 08 27 31 82 27 ...j.. .'1.' 0020: 1B 8A F0 18 D2 DD 5E BB 0A DF A6 E2 14 81 E3 DC ..^. : 4A D4 E5 68 C2 63 F8 91 3D 76 B3 41 41 07 67 6D J..h.c..=v.AA.gm : 57 8A 27 73 2F B5 16 24 03 A3 21 37 D1 F4 29 32 W.'s/..$..!7..)2 : 4C B5 BB 4FL..O : B4 B7 59 3B..Y; 22618924724621010316224313810322810210322025425412734108751091578720586134212421861742242322282151444201162195251381361052262242071952223010517584 086134212421861742242322282151444201162195251381361052262242071952223010517584 050168210587015618110341164162418918160185202512541454715622811317821717232 050168210587015618110341164162418918160185202512541454715622811317821717232 017018119731266076432682421698238201241421872101374251165943619924771 017018119731266076432682421698238201241421872101374251165943619924771 0197513234491791511232391311646424511639144164531851431382451535291109105173 0197513234491791511232391311646424511639144164531851431382451535291109105173 0165273404544562229869431866751661420731628519075881212516497 0165273404544562229869431866751661420731628519075881212516497 0162215220131114313012964121735315431197818226189183158121672152730255135 0162215220131114313012964121735315431197818226189183158121672152730255135 0174251623522412132441636156193199643314391140113617521632383522891177 0174251623522412132441636156193199643314391140113617521632383522891177 016172153323923311721332236451412341979725524824323115820018920327155244 016172153323923311721332236451412341979725524824323115820018920327155244 02555162931826317721088252116103172112174681781811831591951062001732151285667 02555162931826317721088252116103172112174681781811831591951062001732151285667 02434513417921281596377905722819048352231781071546621230722431053615071 02434513417921281596377905722819048352231781071546621230722431053615071 0341744557183234171232141168229125938115013199142137050247921521265183188 0341744557183234171232141168229125938115013199142137050247921521265183188 013962213818324423661197416712420868203102001795024773201441213623025467 013962213818324423661197416712420868203102001795024773201441213623025467 02263295187184129931764824618134152429721124328179572171522446620714230247 02263295187184129931764824618134152429721124328179572171522446620714230247 025210871552362171396122248195434021117619979659286210176194770163241139 025210871552362171396122248195434021117619979659286210176194770163241139 028159162521301292351143532172061711341592073874203241142251185189489420 028159162521301292351143532172061711341592073874203241142251185189489420 03956222114828171171751315334156124240187685701262397019722317714025541 020363141169591622613713314615297431001152129929143100621753222047191159 : 60 C0 4A 36 03 5F 3E DD 94 1C AB AB 4B 83 35 22 `.J6._>.K.5" 0010: 9C 7C F0 BB 44 39 00 7E EF 46 C5 DF B1 8C FF 29 D9...F.) : 83 F1 8F 38 CB 3F 8D A9 3B A2 1A 89 85 92 98 61 ...8.?..;..a 0010: 2B 64 73 D4 63 1D 8F 64 3E 11 35 16 CC 47 5B 9F +ds.c..d>.5..G[. : FC 59 08 24 49 7F 24 E5 17 98 15 9C 6D 4D CF 34 .Y.$I.$.mM.4 0010: 45 C6 58 A9 45 5A 78 38 0D 4F 52 1A 65 43 B0 2C E.X.EZx8.OR.eC., 0020: 17 C4 B5 23 DE 57 15 60 2C 65 24 B6 2B 9A 31 AE ...#.W.`,e$.+.1. : CD F2 EE 3C 1C D1 1F 13 A5 EB AA 8A DA EF A2 09 ...< : 6F 30 03 F9 0E C4 79 F1 C8 2E E3 57 6F 90 26 C8 o0yWo.&. : 34 24 0E D74$.. : 2B D4 B7 01+... 18221835149659103228381331551575241147331031321291661321159 No client Hello messages etc., in the Catalina.out log. I tried to change the encoding but still the same issue. Thanks & Regards, Raghav From: john.e.gr...@wellsfargo.com.INVALID Date: Wednesday, 9 June 2021 at 7:20 PM To:
Re: Heap allocations when switching from Tomcat 7 to Tomcat 8
On 09/06/2021 19:12, James H. H. Lampert wrote: We are beginning to migrate some of our customers from Tomcat 7 to Tomcat 8.5. Some of them have performance issues even with heap allocations of -Xms4096m -Xmx5120m Would it be necessary to go even bigger with Tomcat 8.5? Generally I'd say the heap requirements shouldn't change noticeably between Tomcat versions but, particularly with the changes to resource loading in 8.5, there will be some changes and it is possible that they are large for some edge cases. As always with performance issues, my recommendation is to use a profiler and get some data on what is going on. That makes figuring and the why and then the right solution a lot easier. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org