Re: Browsers suddenly start timing out when accessing port 80 of secure site

2014-06-24 Thread Bruce Lombardi
Thanks for the response Konstantinos. I'll look into the HSTS header. The 
behavior you describe may be what is happening.

Bruce

 On Jun 24, 2014, at 8:51 AM, Konstantin Preißer kpreis...@apache.org wrote:
 
 Hi,
 
 -Original Message-
 From: Christopher Schultz [mailto:ch...@christopherschultz.net]
 Sent: Tuesday, June 24, 2014 2:42 PM
 To: Tomcat Users List
 Subject: Re: Browsers suddenly start timing out when accessing port 80 of
 secure site
 
 Bruce,
 
 On 6/23/14, 2:30 PM, Bruce Lombardi wrote:
 Moving the SSL port from 8443 to 443 has solved the problem. It
 appears that when the URL www.something.net is entered, Firefox
 remembers that this is an SSL site and automatically adds the s
 to get https. In fact, after the timeout the URL line in the
 browser shows https:www.something.net. Obviously, this is
 defaulting to the standard SSL port (443), which does not work if
 8443 is used. Moving the port to 443 solved the problem.
 
 If you read about setting up Tomcat, the default SSL port is 8443.
 Maybe this is done for testing, but it never seems to be explained
 that there might be problems with 8443.
 
 I have never experienced the behavior you describe. Certain clients do
 cache responses from servers, so it's possible that you had a bad setup
 at some point that redirected :80 -> :443 and then Firefox wouldn't
 forget that response and change to :8443.
 
 It might also be possible that the website used HSTS which forces compliant 
 browsers (hopefully IE too in near future) to only view a site in HTTPS. I 
 haven't tested how Firefox handles this, but I can imagine that when the 
 website on :8443 sets an HSTS header and the user enters www.example.com, 
 that Firefox automatically switches this to https://www.example.com/ which 
 is Port 443.
 
 
 Regards,
 Konstantin Preißer
 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 


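The HSTS behaviour Konstantin describes above, modelled as an added example that is not part of the original thread: it follows the RFC 6797 rules (policy stored per host name, URI upgrade that keeps only an explicit non-80 port) rather than any particular browser's code. The host name, port 8443 and max-age value are constructed sample data; `parseSts` and `HstsStore` are hypothetical names.

```javascript
// Added illustration: RFC 6797 (HSTS) host matching and URI upgrade.
// Host names, the port and the max-age value are constructed sample data.

// Parse a Strict-Transport-Security header value into its directives.
function parseSts(value) {
  const policy = { maxAge: null, includeSubDomains: false };
  for (const part of value.split(";")) {
    const [name, raw = ""] = part.trim().split("=");
    const key = name.trim().toLowerCase();
    if (key === "max-age") policy.maxAge = parseInt(raw.trim().replace(/^"|"$/g, ""), 10);
    else if (key === "includesubdomains") policy.includeSubDomains = true;
  }
  if (!Number.isInteger(policy.maxAge) || policy.maxAge < 0) return null; // max-age is required
  return policy;
}

class HstsStore {
  constructor() { this.hosts = new Map(); } // keyed by host name only, never by port

  // Called for every response; the header is honoured only over HTTPS.
  note(responseUrl, stsHeader, now) {
    const url = new URL(responseUrl);
    const policy = stsHeader ? parseSts(stsHeader) : null;
    if (url.protocol !== "https:" || !policy) return;
    if (policy.maxAge === 0) this.hosts.delete(url.hostname); // max-age=0 clears the entry
    else this.hosts.set(url.hostname, { ...policy, expires: now + policy.maxAge * 1000 });
  }

  isKnown(hostname, now) {
    const labels = hostname.split(".");
    for (let i = 0; i < labels.length; i++) {
      const entry = this.hosts.get(labels.slice(i).join("."));
      if (entry && entry.expires > now && (i === 0 || entry.includeSubDomains)) return true;
    }
    return false;
  }

  // What the browser actually requests for a typed or linked URL.
  resolve(typedUrl, now) {
    const url = new URL(typedUrl);
    if (url.protocol === "http:" && this.isKnown(url.hostname, now)) {
      url.protocol = "https:"; // absent/80 becomes default 443; an explicit other port is kept
    }
    return { href: url.href, port: url.port || (url.protocol === "https:" ? "443" : "80") };
  }
}
```

Once the entry exists, the request for the bare host name goes straight to 443 and never reaches the port 80 connector, which is consistent with an empty access log on the Tomcat side.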


RE: Browsers suddenly start timing out when accessing port 80 of secure site

2014-06-23 Thread Bruce Lombardi
Moving the SSL port from 8443 to 443 has solved the problem. It appears that 
when the URL www.something.net is entered, Firefox remembers that this is an 
SSL site and automatically adds the s to get https. In fact, after the timeout 
the URL line in the browser shows https:www.something.net. Obviously, this is 
defaulting to the standard SSL port (443), which does not work if 8443 is used. 
Moving the port to 443 solved the problem.

If you read about setting up Tomcat, the default SSL port is 8443. Maybe this 
is done for testing, but it never seems to be explained that there might be 
problems with 8443.

- Bruce

-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
Sent: Friday, June 20, 2014 10:51 AM
To: Tomcat Users List
Subject: Re: Browsers suddenly start timing out when accessing port 80 of 
secure site

Jeffrey,

On 6/20/14, 10:24 AM, Jeffrey Janner wrote:
 -Original Message- From: Bruce Lombardi 
 [mailto:brlom...@gmail.com] Sent: Thursday, June 19, 2014 11:33 AM 
 To: users@tomcat.apache.org Subject: Browsers suddenly start timing 
 out when accessing port 80 of secure site
 
 We have a Java application running on Tomcat 7.0.52 on an Amazon Web 
 Services EC2 Windows 2008 R2 server. Tomcat is set up so that our 
 application is the root application and is accessible from port 80. 
 The application and Tomcat are configured with SSL so that whenever 
 anyone types in the URL for the site (e.g.
 www.something.net) Tomcat will switch into HTTPS and use port 8443.
 
 This all works fine, but it seems that if for some reason a browser 
 times out when accessing the site, it will never connect to the site 
 again, and any attempt to connect using www.something.net will show 
 that the connection has timed out.
 Yet if you put in the port number (e.g., www.something.net:8443) it 
 comes up right away. We have seen this happen on both Chrome (Version 
 35.0.1916.153 m) and Firefox (Version 30.0).
 
 On Chrome I was able to get the browser to connect to the site by 
 going to Settings > Advanced > Clear Browser Data and clearing 
 browser history, download history, cookies, and cached images and 
 files. Once I did that the site came up immediately with 
 www.something.net and switched to HTTPS as it is supposed to do.
 
 On Firefox, I get the same thing. It will not connect unless I add 
 the port. I tried clearing cached web content, setting the cache 
 limit to zero, and clearing offline web content. None of this worked. 
 Re-installing Firefox did work.
 
 It took me several months to encounter this problem. But other users 
 have encountered it right away (e.g., when setting up a new machine).
 
 Using browser development tools and Tomcat logs, I was able to see 
 the following:
 
 * When working, Chrome sends a GET to the URL. Tomcat responds
   with HTTP 302 and redirects to the secure port. The Tomcat
   localhost_access_log reflects these transmissions.
 
 * When not working, Firefox sends a GET to the URL, but no
   response is returned. The Tomcat localhost_access_log is blank.
 
 Can anyone shed any light on this? Is this a Tomcat issue or 
 something to do with the browsers? Is there anything I can look for 
 in the logs that may help?
 
 Bruce
 
 Sounds like a browser issue to me

+1

I've found that many browsers cache responses - including error responses -- 
longer than one might expect. Try a complete page-refresh using SHIFT-CTRL-R 
(or SHIFT-CMD-R), and if that doesn't work, clear all cache and possibly 
restart the browser if that doesn't work.

 , Bruce, unless you've got something else in your topology that could 
 be causing the issue. Say a proxy, for instance? Also, are you sure on 
 the subsequent attempts that your URL starts off with http:// and not 
 https://.  It's a pretty easy detail to overlook.
 
 And on a just curious basis:  Why redirect to 8443 instead of the 
 standard HTTPS port of 443? Then you wouldn't need the port number in 
 the URL.

+1

(And if you can't because you already have a web server running, try routing 
the Tomcat traffic through the web server.)

- -chris


Browsers suddenly start timing out when accessing port 80 of secure site

2014-06-19 Thread Bruce Lombardi
We have a Java application running on Tomcat 7.0.52 on an Amazon Web
Services EC2 Windows 2008 R2 server. Tomcat is set up so that our application
is the root application and is accessible from port 80. The application and
Tomcat are configured with SSL so that whenever anyone types in the URL for
the site (e.g. www.something.net) Tomcat will switch into HTTPS and use port
8443.

This all works fine, but it seems that if for some reason a browser times
out when accessing the site, it will never connect to the site again, and
any attempt to connect using www.something.net will show that the connection
has timed out. Yet if you put in the port number (e.g.,
www.something.net:8443) it comes up right away. We have seen this happen on
both Chrome (Version 35.0.1916.153 m) and Firefox (Version 30.0).

On Chrome I was able to get the browser to connect to the site by going to
Settings > Advanced > Clear Browser Data and clearing browser history,
download history, cookies, and cached images and files. Once I did that the
site came up immediately with www.something.net and switched to HTTPS as it is
supposed to do.

On Firefox, I get the same thing. It will not connect unless I add the port.
I tried clearing cached web content, setting the cache limit to zero, and
clearing offline web content. None of this worked. Re-installing Firefox did
work.

It took me several months to encounter this problem. But other users have
encountered it right away (e.g., when setting up a new machine).

Using browser development tools and Tomcat logs, I was able to see the
following:

* When working, Chrome sends a GET to the URL. Tomcat responds with HTTP 302
  and redirects to the secure port. The Tomcat localhost_access_log reflects
  these transmissions.

* When not working, Firefox sends a GET to the URL, but no response is
  returned. The Tomcat localhost_access_log is blank.

Can anyone shed any light on this? Is this a Tomcat issue or something to do
with the browsers? Is there anything I can look for in the logs that may
help?

Bruce