Re: Browsers suddenly start timing out when accessing port 80 of secure site
On 6/24/2014 12:25 PM, Bruce Lombardi wrote:
> Thanks for the response Konstantinos. I'll look into the HSTS header. The behavior you describe may be what is happening.
>
> Bruce
>
> Sent from my iPad
>
> On Jun 24, 2014, at 8:51 AM, Konstantin Preißer kpreis...@apache.org wrote:
>
>> Hi,
>>
>>> -----Original Message-----
>>> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
>>> Sent: Tuesday, June 24, 2014 2:42 PM
>>> To: Tomcat Users List
>>> Subject: Re: Browsers suddenly start timing out when accessing port 80 of secure site
>>>
>>> Bruce,
>>>
>>> On 6/23/14, 2:30 PM, Bruce Lombardi wrote:
>>>> Moving the SSL port from 8443 to 443 has solved the problem. It appears that when the url www.something.net is entered, Firefox remembers that this is an SSL site and automatically adds the s to get https. In fact after the timeout the url line in the browser shows https:www.something.net. Obviously, this is defaulting to the standard SSL port (443), which does not work if 8443 is used. Moving the port to 443 solved the problem.
>>>>
>>>> If you read about setting up Tomcat, the default SSL port is 8443. Maybe this is done for testing, but it never seems to be explained that there might be problems with 8443.
>>>
>>> I have never experienced the behavior you describe. Certain clients do cache responses from servers, so it's possible that you had a bad setup at some point that redirected :80 -> :443 and then Firefox wouldn't forget that response and change to :8443.
>>
>> It might also be possible that the website used HSTS which forces compliant browsers (hopefully IE too in near future) to only view a site in HTTPS. I haven't tested how Firefox handles this, but I can imagine that when the website on :8443 sets an HSTS header and the user enters www.example.com, that Firefox automatically switches this to https://www.example.com/, which is Port 443.
>>
>> Regards,
>> Konstantin Preißer

There is a nice description on Mozilla:

https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security

Thanks for pointing this out.

-Terence Bandoian

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Browsers suddenly start timing out when accessing port 80 of secure site
Bruce,

On 6/23/14, 2:30 PM, Bruce Lombardi wrote:
> Moving the SSL port from 8443 to 443 has solved the problem. It appears that when the url www.something.net is entered, Firefox remembers that this is an SSL site and automatically adds the s to get https. In fact after the timeout the url line in the browser shows https:www.something.net. Obviously, this is defaulting to the standard SSL port (443), which does not work if 8443 is used. Moving the port to 443 solved the problem.
>
> If you read about setting up Tomcat, the default SSL port is 8443. Maybe this is done for testing, but it never seems to be explained that there might be problems with 8443.

I have never experienced the behavior you describe. Certain clients do cache responses from servers, so it's possible that you had a bad setup at some point that redirected :80 -> :443 and then Firefox wouldn't forget that response and change to :8443.

The :8443 default configuration makes sense because :443 is often used by web servers like Apache httpd, MS IIS, etc. and we don't want to a) interfere with them or b) cause Tomcat to fail to start. I don't believe there are any problems with using port 8443 for SSL.

-chris

> -----Original Message-----
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Friday, June 20, 2014 10:51 AM
> To: Tomcat Users List
> Subject: Re: Browsers suddenly start timing out when accessing port 80 of secure site
>
> Jeffrey,
>
> On 6/20/14, 10:24 AM, Jeffrey Janner wrote:
>>> -----Original Message-----
>>> From: Bruce Lombardi [mailto:brlom...@gmail.com]
>>> Sent: Thursday, June 19, 2014 11:33 AM
>>> To: users@tomcat.apache.org
>>> Subject: Browsers suddenly start timing out when accessing port 80 of secure site
>>>
>>> We have a Java application running on Tomcat 7.0.52 on an Amazon Web Services EC2 Windows 2008 R2 server. Tomcat is set up so that our application is the root application and is accessible from port 80. The application and Tomcat are configured with SSL so that whenever anyone types in the url for the site (e.g. www.something.net) Tomcat will switch into HTTPS and use port 8443.
>>>
>>> This all works fine, but it seems that if for some reason a browser times out when accessing the site, it will never connect to the site again, and any attempt to connect using www.something.net will show that the connection has timed out. Yet if you put in the port number (e.g., www.something.net:8443) it comes up right away.
>>>
>>> We have seen this happen on both Chrome (Version 35.0.1916.153 m) and Firefox (Version 30.0).
>>>
>>> On Chrome I was able to get the browser to connect to the site by going to Settings -> Advanced -> Clear Browser Data and clearing browser history, download history, cookies, and cached images and files. Once I did that the site came up immediately with www.something.net and switched to HTTPS as it is supposed to do.
>>>
>>> On Firefox, I get the same thing. It will not connect unless I add the port. I tried clearing cached web content, setting the cache limit to zero, and clearing offline web content. None of this worked. Re-installing Firefox did work.
>>>
>>> It took me several months to encounter this problem. But other users have encountered it right away (e.g., when setting up a new machine).
>>>
>>> Using browser development tools and Tomcat logs, I was able to see the following:
>>>
>>> - When working, Chrome sends a GET to the url. Tomcat responds with HTTP 302 and redirects to the secure port. The Tomcat localhost_access_log reflects these transmissions.
>>> - When not working, Firefox sends a GET to the url, but no response is returned. The Tomcat localhost_access_log is blank.
>>>
>>> Can anyone shed any light on this? Is this a Tomcat issue or something to do with the browsers? Is there anything I can look for in the logs that may help?
>>>
>>> Bruce
>>
>> Sounds like a browser issue to me
>
> +1
>
> I've found that many browsers cache responses - including error responses -- longer than one might expect. Try a complete page-refresh using SHIFT-CTRL-R (or SHIFT-CMD-R), and if that doesn't work, clear all cache and possibly restart the browser if that doesn't work.
>
>> , Bruce, unless you've got something else in your topology that could be causing the issue. Say a proxy, for instance? Also, are you sure on the subsequent attempts that your URL starts off with http:// and not https://. It's a pretty easy detail to overlook. And on a just curious basis: Why redirect to 8443 instead of the standard HTTPS port of 443? Then you wouldn't need the port number in the URL.
>
> +1
>
> (And if you can't because you already have a web server running, try routing the Tomcat traffic through the web server.)
>
> -chris
RE: Browsers suddenly start timing out when accessing port 80 of secure site
Hi,

> -----Original Message-----
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Tuesday, June 24, 2014 2:42 PM
> To: Tomcat Users List
> Subject: Re: Browsers suddenly start timing out when accessing port 80 of secure site
>
> Bruce,
>
> On 6/23/14, 2:30 PM, Bruce Lombardi wrote:
>> Moving the SSL port from 8443 to 443 has solved the problem. It appears that when the url www.something.net is entered, Firefox remembers that this is an SSL site and automatically adds the s to get https. In fact after the timeout the url line in the browser shows https:www.something.net. Obviously, this is defaulting to the standard SSL port (443), which does not work if 8443 is used. Moving the port to 443 solved the problem.
>>
>> If you read about setting up Tomcat, the default SSL port is 8443. Maybe this is done for testing, but it never seems to be explained that there might be problems with 8443.
>
> I have never experienced the behavior you describe. Certain clients do cache responses from servers, so it's possible that you had a bad setup at some point that redirected :80 -> :443 and then Firefox wouldn't forget that response and change to :8443.

It might also be possible that the website used HSTS which forces compliant browsers (hopefully IE too in near future) to only view a site in HTTPS. I haven't tested how Firefox handles this, but I can imagine that when the website on :8443 sets an HSTS header and the user enters www.example.com, that Firefox automatically switches this to https://www.example.com/, which is Port 443.

Regards,
Konstantin Preißer
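The HSTS explanation in the message above, worked through as an added example (not code from the thread, from Tomcat or from any browser): a simplified model of the RFC 6797 rules, in which the HSTS entry is stored per hostname and the http-to-https rewrite does not remember that the header arrived on port 8443. The class and function names, the header value and the sets of listening ports are assumptions made for the illustration; the thread does not establish that the site actually sent the header.

```javascript
// Added illustration: a simplified model of an RFC 6797 (HSTS) user agent.
// Class/function names, the header value and the port sets are constructed.

class HstsStore {
  constructor() {
    this.hosts = new Map(); // hostname -> { expires, includeSubDomains }
  }

  // RFC 6797 8.1: the header only counts when it arrives over HTTPS.
  // The entry is keyed by hostname alone; the port it came from is not kept.
  noteResponse(url, headerValue, now = Date.now()) {
    const u = new URL(url);
    if (u.protocol !== 'https:' || !headerValue) return false;
    const directives = new Map();
    for (const part of headerValue.split(';')) {
      const [name, value = ''] = part.trim().split('=');
      if (name) directives.set(name.trim().toLowerCase(), value.trim().replace(/^"|"$/g, ''));
    }
    const maxAge = directives.get('max-age');
    if (maxAge === undefined || !/^\d+$/.test(maxAge)) return false; // max-age is required
    if (Number(maxAge) === 0) {
      this.hosts.delete(u.hostname); // max-age=0 makes the browser forget the host
      return true;
    }
    this.hosts.set(u.hostname, {
      expires: now + Number(maxAge) * 1000,
      includeSubDomains: directives.has('includesubdomains'),
    });
    return true;
  }

  // Exact match, or a parent domain that asserted includeSubDomains.
  isKnownHost(hostname, now = Date.now()) {
    const labels = hostname.split('.');
    for (let i = 0; i < labels.length; i++) {
      const entry = this.hosts.get(labels.slice(i).join('.'));
      if (entry && entry.expires > now && (i === 0 || entry.includeSubDomains)) return true;
    }
    return false;
  }

  // RFC 6797 8.3: rewrite http -> https before any request leaves the browser.
  // Explicit :80 becomes 443, any other explicit port is preserved, and no port
  // is added when the URL had none, so the request goes to the https default.
  upgrade(url, now = Date.now()) {
    const u = new URL(url);
    if (u.protocol !== 'http:' || !this.isKnownHost(u.hostname, now)) return u.href;
    const port = u.port ? ':' + u.port : ''; // URL reports '' for no port and for :80
    return `https://${u.hostname}${port}${u.pathname}${u.search}${u.hash}`;
  }
}

function effectivePort(url) {
  const u = new URL(url);
  return u.port ? Number(u.port) : (u.protocol === 'https:' ? 443 : 80);
}

// Models typing an address: upgrade first, then try the resulting port.
// A port with no listener is modelled as the timeout reported in the thread.
function navigate(store, typedUrl, listeningPorts, now = Date.now()) {
  const finalUrl = store.upgrade(typedUrl, now);
  const port = effectivePort(finalUrl);
  return { finalUrl, port, outcome: listeningPorts.has(port) ? 'connects' : 'times out' };
}

const TOMCAT_PORTS = new Set([80, 8443]); // the thread's original setup
const store = new HstsStore();
const firstVisit = navigate(store, 'http://www.something.net/', TOMCAT_PORTS);
// Assumption: the app answers on :8443 with an HSTS header after the 302.
store.noteResponse('https://www.something.net:8443/', 'max-age=31536000');
const laterVisit = navigate(store, 'http://www.something.net/', TOMCAT_PORTS);
const withPort = navigate(store, 'http://www.something.net:8443/', TOMCAT_PORTS);
const afterFix = navigate(store, 'http://www.something.net/', new Set([80, 443]));
console.log({ firstVisit, laterVisit, withPort, afterFix });
```

In this model the later visit never touches port 80, which is consistent with the empty localhost_access_log reported in the thread, and a listener on 443 or a response carrying max-age=0 are the two ways the rewritten URL becomes reachable again.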
Re: Browsers suddenly start timing out when accessing port 80 of secure site
Thanks for the response Konstantinos. I'll look into the HSTS header. The behavior you describe may be what is happening.

Bruce

Sent from my iPad

On Jun 24, 2014, at 8:51 AM, Konstantin Preißer kpreis...@apache.org wrote:

> Hi,
>
>> -----Original Message-----
>> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
>> Sent: Tuesday, June 24, 2014 2:42 PM
>> To: Tomcat Users List
>> Subject: Re: Browsers suddenly start timing out when accessing port 80 of secure site
>>
>> Bruce,
>>
>> On 6/23/14, 2:30 PM, Bruce Lombardi wrote:
>>> Moving the SSL port from 8443 to 443 has solved the problem. It appears that when the url www.something.net is entered, Firefox remembers that this is an SSL site and automatically adds the s to get https. In fact after the timeout the url line in the browser shows https:www.something.net. Obviously, this is defaulting to the standard SSL port (443), which does not work if 8443 is used. Moving the port to 443 solved the problem.
>>>
>>> If you read about setting up Tomcat, the default SSL port is 8443. Maybe this is done for testing, but it never seems to be explained that there might be problems with 8443.
>>
>> I have never experienced the behavior you describe. Certain clients do cache responses from servers, so it's possible that you had a bad setup at some point that redirected :80 -> :443 and then Firefox wouldn't forget that response and change to :8443.
>
> It might also be possible that the website used HSTS which forces compliant browsers (hopefully IE too in near future) to only view a site in HTTPS. I haven't tested how Firefox handles this, but I can imagine that when the website on :8443 sets an HSTS header and the user enters www.example.com, that Firefox automatically switches this to https://www.example.com/, which is Port 443.
>
> Regards,
> Konstantin Preißer
RE: Browsers suddenly start timing out when accessing port 80 of secure site
Moving the SSL port from 8443 to 443 has solved the problem. It appears that when the url www.something.net is entered, Firefox remembers that this is an SSL site and automatically adds the s to get https. In fact after the timeout the url line in the browser shows https:www.something.net. Obviously, this is defaulting to the standard SSL port (443), which does not work if 8443 is used. Moving the port to 443 solved the problem.

If you read about setting up Tomcat, the default SSL port is 8443. Maybe this is done for testing, but it never seems to be explained that there might be problems with 8443.

- Bruce

-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Friday, June 20, 2014 10:51 AM
To: Tomcat Users List
Subject: Re: Browsers suddenly start timing out when accessing port 80 of secure site

Jeffrey,

On 6/20/14, 10:24 AM, Jeffrey Janner wrote:
>> -----Original Message-----
>> From: Bruce Lombardi [mailto:brlom...@gmail.com]
>> Sent: Thursday, June 19, 2014 11:33 AM
>> To: users@tomcat.apache.org
>> Subject: Browsers suddenly start timing out when accessing port 80 of secure site
>>
>> We have a Java application running on Tomcat 7.0.52 on an Amazon Web Services EC2 Windows 2008 R2 server. Tomcat is set up so that our application is the root application and is accessible from port 80. The application and Tomcat are configured with SSL so that whenever anyone types in the url for the site (e.g. www.something.net) Tomcat will switch into HTTPS and use port 8443.
>>
>> This all works fine, but it seems that if for some reason a browser times out when accessing the site, it will never connect to the site again, and any attempt to connect using www.something.net will show that the connection has timed out. Yet if you put in the port number (e.g., www.something.net:8443) it comes up right away.
>>
>> We have seen this happen on both Chrome (Version 35.0.1916.153 m) and Firefox (Version 30.0).
>>
>> On Chrome I was able to get the browser to connect to the site by going to Settings -> Advanced -> Clear Browser Data and clearing browser history, download history, cookies, and cached images and files. Once I did that the site came up immediately with www.something.net and switched to HTTPS as it is supposed to do.
>>
>> On Firefox, I get the same thing. It will not connect unless I add the port. I tried clearing cached web content, setting the cache limit to zero, and clearing offline web content. None of this worked. Re-installing Firefox did work.
>>
>> It took me several months to encounter this problem. But other users have encountered it right away (e.g., when setting up a new machine).
>>
>> Using browser development tools and Tomcat logs, I was able to see the following:
>>
>> - When working, Chrome sends a GET to the url. Tomcat responds with HTTP 302 and redirects to the secure port. The Tomcat localhost_access_log reflects these transmissions.
>> - When not working, Firefox sends a GET to the url, but no response is returned. The Tomcat localhost_access_log is blank.
>>
>> Can anyone shed any light on this? Is this a Tomcat issue or something to do with the browsers? Is there anything I can look for in the logs that may help?
>>
>> Bruce
>
> Sounds like a browser issue to me

+1

I've found that many browsers cache responses - including error responses -- longer than one might expect. Try a complete page-refresh using SHIFT-CTRL-R (or SHIFT-CMD-R), and if that doesn't work, clear all cache and possibly restart the browser if that doesn't work.

> , Bruce, unless you've got something else in your topology that could be causing the issue. Say a proxy, for instance? Also, are you sure on the subsequent attempts that your URL starts off with http:// and not https://. It's a pretty easy detail to overlook. And on a just curious basis: Why redirect to 8443 instead of the standard HTTPS port of 443? Then you wouldn't need the port number in the URL.

+1

(And if you can't because you already have a web server running, try routing the Tomcat traffic through the web server.)

-chris
RE: Browsers suddenly start timing out when accessing port 80 of secure site
> -----Original Message-----
> From: Bruce Lombardi [mailto:brlom...@gmail.com]
> Sent: Thursday, June 19, 2014 11:33 AM
> To: users@tomcat.apache.org
> Subject: Browsers suddenly start timing out when accessing port 80 of secure site
>
> We have a Java application running on Tomcat 7.0.52 on an Amazon Web Services EC2 Windows 2008 R2 server. Tomcat is set up so that our application is the root application and is accessible from port 80. The application and Tomcat are configured with SSL so that whenever anyone types in the url for the site (e.g. www.something.net) Tomcat will switch into HTTPS and use port 8443.
>
> This all works fine, but it seems that if for some reason a browser times out when accessing the site, it will never connect to the site again, and any attempt to connect using www.something.net will show that the connection has timed out. Yet if you put in the port number (e.g., www.something.net:8443) it comes up right away.
>
> We have seen this happen on both Chrome (Version 35.0.1916.153 m) and Firefox (Version 30.0).
>
> On Chrome I was able to get the browser to connect to the site by going to Settings -> Advanced -> Clear Browser Data and clearing browser history, download history, cookies, and cached images and files. Once I did that the site came up immediately with www.something.net and switched to HTTPS as it is supposed to do.
>
> On Firefox, I get the same thing. It will not connect unless I add the port. I tried clearing cached web content, setting the cache limit to zero, and clearing offline web content. None of this worked. Re-installing Firefox did work.
>
> It took me several months to encounter this problem. But other users have encountered it right away (e.g., when setting up a new machine).
>
> Using browser development tools and Tomcat logs, I was able to see the following:
>
> - When working, Chrome sends a GET to the url. Tomcat responds with HTTP 302 and redirects to the secure port. The Tomcat localhost_access_log reflects these transmissions.
> - When not working, Firefox sends a GET to the url, but no response is returned. The Tomcat localhost_access_log is blank.
>
> Can anyone shed any light on this? Is this a Tomcat issue or something to do with the browsers? Is there anything I can look for in the logs that may help?
>
> Bruce

Sounds like a browser issue to me, Bruce, unless you've got something else in your topology that could be causing the issue. Say a proxy, for instance? Also, are you sure on the subsequent attempts that your URL starts off with http:// and not https://. It's a pretty easy detail to overlook. And on a just curious basis: Why redirect to 8443 instead of the standard HTTPS port of 443? Then you wouldn't need the port number in the URL.
Re: Browsers suddenly start timing out when accessing port 80 of secure site
Jeffrey,

On 6/20/14, 10:24 AM, Jeffrey Janner wrote:
>> -----Original Message-----
>> From: Bruce Lombardi [mailto:brlom...@gmail.com]
>> Sent: Thursday, June 19, 2014 11:33 AM
>> To: users@tomcat.apache.org
>> Subject: Browsers suddenly start timing out when accessing port 80 of secure site
>>
>> We have a Java application running on Tomcat 7.0.52 on an Amazon Web Services EC2 Windows 2008 R2 server. Tomcat is set up so that our application is the root application and is accessible from port 80. The application and Tomcat are configured with SSL so that whenever anyone types in the url for the site (e.g. www.something.net) Tomcat will switch into HTTPS and use port 8443.
>>
>> This all works fine, but it seems that if for some reason a browser times out when accessing the site, it will never connect to the site again, and any attempt to connect using www.something.net will show that the connection has timed out. Yet if you put in the port number (e.g., www.something.net:8443) it comes up right away.
>>
>> We have seen this happen on both Chrome (Version 35.0.1916.153 m) and Firefox (Version 30.0).
>>
>> On Chrome I was able to get the browser to connect to the site by going to Settings -> Advanced -> Clear Browser Data and clearing browser history, download history, cookies, and cached images and files. Once I did that the site came up immediately with www.something.net and switched to HTTPS as it is supposed to do.
>>
>> On Firefox, I get the same thing. It will not connect unless I add the port. I tried clearing cached web content, setting the cache limit to zero, and clearing offline web content. None of this worked. Re-installing Firefox did work.
>>
>> It took me several months to encounter this problem. But other users have encountered it right away (e.g., when setting up a new machine).
>>
>> Using browser development tools and Tomcat logs, I was able to see the following:
>>
>> - When working, Chrome sends a GET to the url. Tomcat responds with HTTP 302 and redirects to the secure port. The Tomcat localhost_access_log reflects these transmissions.
>> - When not working, Firefox sends a GET to the url, but no response is returned. The Tomcat localhost_access_log is blank.
>>
>> Can anyone shed any light on this? Is this a Tomcat issue or something to do with the browsers? Is there anything I can look for in the logs that may help?
>>
>> Bruce
>
> Sounds like a browser issue to me

+1

I've found that many browsers cache responses - including error responses -- longer than one might expect. Try a complete page-refresh using SHIFT-CTRL-R (or SHIFT-CMD-R), and if that doesn't work, clear all cache and possibly restart the browser if that doesn't work.

> , Bruce, unless you've got something else in your topology that could be causing the issue. Say a proxy, for instance? Also, are you sure on the subsequent attempts that your URL starts off with http:// and not https://. It's a pretty easy detail to overlook. And on a just curious basis: Why redirect to 8443 instead of the standard HTTPS port of 443? Then you wouldn't need the port number in the URL.

+1

(And if you can't because you already have a web server running, try routing the Tomcat traffic through the web server.)

-chris
Browsers suddenly start timing out when accessing port 80 of secure site
We have a Java application running on Tomcat 7.0.52 on an Amazon Web Services EC2 Windows 2008 R2 server. Tomcat is set up so that our application is the root application and is accessible from port 80. The application and Tomcat are configured with SSL so that whenever anyone types in the url for the site (e.g. www.something.net) Tomcat will switch into HTTPS and use port 8443.

This all works fine, but it seems that if for some reason a browser times out when accessing the site, it will never connect to the site again, and any attempt to connect using www.something.net will show that the connection has timed out. Yet if you put in the port number (e.g., www.something.net:8443) it comes up right away.

We have seen this happen on both Chrome (Version 35.0.1916.153 m) and Firefox (Version 30.0).

On Chrome I was able to get the browser to connect to the site by going to Settings -> Advanced -> Clear Browser Data and clearing browser history, download history, cookies, and cached images and files. Once I did that the site came up immediately with www.something.net and switched to HTTPS as it is supposed to do.

On Firefox, I get the same thing. It will not connect unless I add the port. I tried clearing cached web content, setting the cache limit to zero, and clearing offline web content. None of this worked. Re-installing Firefox did work.

It took me several months to encounter this problem. But other users have encountered it right away (e.g., when setting up a new machine).

Using browser development tools and Tomcat logs, I was able to see the following:

- When working, Chrome sends a GET to the url. Tomcat responds with HTTP 302 and redirects to the secure port. The Tomcat localhost_access_log reflects these transmissions.
- When not working, Firefox sends a GET to the url, but no response is returned. The Tomcat localhost_access_log is blank.

Can anyone shed any light on this? Is this a Tomcat issue or something to do with the browsers? Is there anything I can look for in the logs that may help?

Bruce