All,
Hopefully I can explain this clearly...
The short question is that my client is sometimes not getting the 0-length
chunk at the end of the response from Tomcat, so my connections don't get
reused.
My Tomcat server is version 7.0.81. JDK is 1.8.0_144. I have a Jersey client,
version 2.25, connecting to it from another Tomcat server. I noticed that
inbound connections to the server are not getting reused properly. I think the
reason has to do with the fact that Tomcat is using chunked output but is not
sending the 0-length chunk that signals the end of the response, even though
the response is completed/successful.
My Tomcat server has 3 connectors: one plain HTTP, one SSL, and one SSL +
mutual authentication (2-way SSL.) With plain HTTP, I always get the 0-length
chunk. I verified this both with the remote debugger and TCPMon. With the
other two connectors, I don't get the 0-length chunk with the Jersey client,
though I do see it with some other clients. I can't use TCPMon with SSL, but
with the same breakpoints as with non-SSL I see that there is no 0-length chunk.
Setting a breakpoint on ChunkedInputStream line 326 on the client side and
printing the chunk sizes, I get this output for 2 responses over plain HTTP:
chunk size: 8192
chunk size: 1312
chunk size: 0
chunk size: 8192
chunk size: 1312
chunk size: 0
And for SSL:
chunk size: 8192
chunk size: 1312
chunk size: 8192
chunk size: 1312
When there is no 0-length chunk, the processRaw() method exits on line 304.
When there is, it exits on line 457.
In all scenarios, the client uses HTTP/1.1 and sends the Connection: keep-alive
header. Adding "%{Connection}i %{Connection}o" to my access valve gives me
this in the log:
keep-alive -
When I run tests from a load generator directly against the server, the
chunking occurs and the connections get reused as expected.
Here is my plain HTTP connector:
<Connector port="7150"
protocol="HTTP/1.1"
connectionTimeout="3000"
enableLookups="false"
acceptCount="150"
redirectPort="8443"
maxThreads="80"
maxKeepAliveRequests="100"
/>
Here is one of my SSL connectors:
<Connector port="7154"
protocol="HTTP/1.1"
SSLEnabled="true"
maxThreads="160"
maxKeepAliveRequests="100"
keepAliveTimeout="10000"
scheme="https"
secure="true"
clientAuth="true"
sslProtocol="TLS"
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
keystoreFile="${keystoreFile}"
keystorePass="${keystorePassword}"
keyAlias="banana"
truststoreFile="${truststoreFile}"
truststorePass="${truststorePassword}"
allowUnsafeLegacyRenegotiation="false"
ciphers="blah blah blah"
/>
Any ideas?
Thanks
John
