When Tomcat 8.5.5 got released recently, I was working on upgrading my existing 
app from Tomcat 8.5.4 to 8.5.5.

It seems that server startup goes through fine with message (INFO: Server 
startup in 16323 ms) printed at the end, and
I am even able to access the application fine.

My only concern is that I see following NullPointerException logged right after 
successful startup message.
Please note that this exception is thrown even before I make an attempt to 
access the application from browser.

Sep 19, 2016 2:30:26 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 16323 ms
Sep 19, 2016 2:30:26 PM org.apache.tomcat.util.net.NioEndpoint$SocketProcessor 
doRun
SEVERE: java.lang.NullPointerException
        at 
org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:182)
        at 
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1387)
        at 
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at 
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)


Following is the connector configuration I am using. The same connector 
configuration when used with version 8.5.4 does not throw this error.

    <Connector port="${appserver.httpssoap.port}" 
protocol="org.apache.coyote.http11.Http11NioProtocol"
        proxyPort="${appserver.httpssoap.port}" 
proxyName="${ucl.external.hostname}"
        SSLEnabled="true" scheme="https" secure="true"
        compression="512" 
compressableMimeType="text/html,text/xml,text/css,text/plain,text/javascript,application/javascript"
        server="Manhattan Associates">
        <SSLHostConfig certificateVerification="optional" 
truststoreFile="${catalina.base}/conf/mip-trustcerts.jks" 
truststorePassword="idpkeys"
            
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256,SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256,SSL_DHE_RSA_WITH_AES_128_CBC_SHA256,SSL_DHE_DSS_WITH_AES_128_CBC_SHA256,SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA,SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA,SSL_ECDH_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_DSS_WITH_AES_128_CBC_SHA"
            protocols="TLSv1.2" >
            <Certificate 
certificateKeystoreFile="${catalina.base}/conf/mip-keys.jks" 
certificateKeystorePassword="idpkeys"
                certificateKeyAlias="mip" type="RSA" />
        </SSLHostConfig>
    </Connector>

I see the following mentioned in release notes for 8.5.5, but not sure if what 
exactly has changed and that requires any changes to my connector configuration.

  *   Correct regressions in TLS handshake and server certificate handling.

Extra bit of information that may help:
One change that I did try is to change "Http11NioProtocol" to 
"Http11Nio2Protocol" just to see how it goes and noticed that this Exception is 
not thrown for NIO2.

I am suspecting that I have hit some bug with "Http11NioProtocol" and 
appreciate any kind of help/tips you can provide.

Thanks,
Avanish

Reply via email to