On Mon, Mar 18, 2019 at 4:44 PM Igor T <igor.tymoshc...@gmail.com> wrote:
> > Since 9.0.12 and 16 do the same, I wouldn't look at that at all. > Something > > simple like this works in the general case, there must be something > > specific here. So it's Windows, which some unspecified OpenSSL version. > > > > Rémy > > That's not right. After many tests I've found out that 9.0.12 build > comes with [OpenSSL 1.0.2o 27 Mar 2018], while 9.0.16 comes with > [OpenSSL 1.1.1a 20 Nov 2018]. > The problem was localized to OpenSSL 1.1.1a on Nio2. > Also it became clear that establishing of connection takes more time > with OpenSSL 1.1.1a on Nio. > So it looks like OpenSSL 1.1.1a build is much less optimized and buggy. > > So the question is: how to change OpenSSL version that is shipped with > the latest tomcat build back to 1.0.2? > Any feedback appreciated. > Ok, thanks for the information. The code has been updated for TLS 1.3 when using OpenSSL 1.1.1, so there are significant changes in all components. We will investigate. Rémy > > > > Detailed test results: > > The problem exist: > Apache Tomcat 9.0.16/Http11Nio2Protocol/OpenSSL 1.1.1a > 18-Mar-2019 14:34:54.103 INFO [main] > org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded > APR based Apache Tomcat Native library [1.2.21] using APR version > [1.6.5]. > 18-Mar-2019 14:34:54.103 INFO [main] > org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR > capabilities: IPv6 [true], sendfile [true], accept filters [false], > random [true]. > 18-Mar-2019 14:34:54.103 INFO [main] > org.apache.catalina.core.AprLifecycleListener.lifecycleEvent > APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true] > 18-Mar-2019 14:34:54.103 INFO [main] > org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL > successfully initialized [OpenSSL 1.1.1a 20 Nov 2018] > 18-Mar-2019 14:34:54.306 INFO [main] > org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler > ["http-nio2-80"] > 18-Mar-2019 14:34:54.353 INFO [main] > org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler > ["https-openssl-nio2-443"] > 18-Mar-2019 14:34:54.947 INFO [main] > org.apache.catalina.startup.Catalina.load Server initialization in > [1,516] milliseconds > 18-Mar-2019 14:34:54.994 INFO [main] > org.apache.catalina.core.StandardService.startInternal Starting > service [Catalina] > 18-Mar-2019 14:34:54.994 INFO [main] > org.apache.catalina.core.StandardEngine.startInternal Starting Servlet > engine: [Apache Tomcat/9.0.16] > success: 1, read 73 bytes for: 125ms > denial: 1, Connection reset > success: 2, read 73 bytes for: 94ms > denial: 2, Connection reset > success: 3, read 73 bytes for: 93ms > denial: 3, Connection reset > success: 4, read 73 bytes for: 78ms > denial: 4, Connection reset > success: 5, read 73 bytes for: 94ms > denial: 5, Connection reset > > Apache Tomcat 9.0.17/Http11Nio2Protocol/OpenSSL 1.1.1a > 18-Mar-2019 14:41:46.708 INFO [main] > org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded > APR based Apache Tomcat Native library [1.2.21] using APR version > [1.6.5]. > 18-Mar-2019 14:41:46.708 INFO [main] > org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR > capabilities: IPv6 [true], sendfile [true], accept filters [false], > random [true]. > 18-Mar-2019 14:41:46.708 INFO [main] > org.apache.catalina.core.AprLifecycleListener.lifecycleEvent > APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true] > 18-Mar-2019 14:41:46.724 INFO [main] > org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL > successfully initialized [OpenSSL 1.1.1a 20 Nov 2018] > 18-Mar-2019 14:41:46.896 INFO [main] > org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler > ["http-nio2-80"] > 18-Mar-2019 14:41:46.912 INFO [main] > org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler > ["https-openssl-nio2-443"] > 18-Mar-2019 14:41:47.443 INFO [main] > org.apache.catalina.startup.Catalina.load Server initialization in > [1,335] milliseconds > 18-Mar-2019 14:41:47.474 INFO [main] > org.apache.catalina.core.StandardService.startInternal Starting > service [Catalina] > 18-Mar-2019 14:41:47.474 INFO [main] > org.apache.catalina.core.StandardEngine.startInternal Starting Servlet > engine: [Apache Tomcat/9.0.17] > success: 1, read 73 bytes for: 78ms > denial: 1, Connection reset > success: 2, read 73 bytes for: 93ms > denial: 2, Connection reset > success: 3, read 73 bytes for: 78ms > denial: 3, Connection reset > success: 4, read 73 bytes for: 94ms > denial: 4, Connection reset > success: 5, read 73 bytes for: 78ms > denial: 5, Connection reset > > > The problem does not exist: > Apache Tomcat 9.0.12/Http11Nio2Protocol/OpenSSL 1.0.2o > 18-Mar-2019 14:30:21.917 INFO [main] > org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded > APR based Apache Tomcat Native library [1.2.17] using APR version > [1.6.3]. > 18-Mar-2019 14:30:21.917 INFO [main] > org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR > capabilities: IPv6 [true], sendfile [true], accept filters [false], > random [true]. > 18-Mar-2019 14:30:21.917 INFO [main] > org.apache.catalina.core.AprLifecycleListener.lifecycleEvent > APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true] > 18-Mar-2019 14:30:22.932 INFO [main] > org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL > successfully initialized [OpenSSL 1.0.2o 27 Mar 2018] > 18-Mar-2019 14:30:23.135 INFO [main] > org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler > ["http-nio2-80"] > 18-Mar-2019 14:30:23.167 INFO [main] > org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler > ["https-openssl-nio2-443"] > 18-Mar-2019 14:30:24.059 INFO [main] > org.apache.catalina.startup.Catalina.load Initialization processed in > 2763 ms > 18-Mar-2019 14:30:24.135 INFO [main] > org.apache.catalina.core.StandardService.startInternal Starting > service [Catalina] > 18-Mar-2019 14:30:24.135 INFO [main] > org.apache.catalina.core.StandardEngine.startInternal Starting Servlet > Engine: Apache Tomcat/9.0.12 > success: 1, read 73 bytes for: 125ms > success: 2, read 73 bytes for: 78ms > success: 3, read 73 bytes for: 78ms > success: 4, read 73 bytes for: 78ms > success: 5, read 73 bytes for: 93ms > success: 6, read 73 bytes for: 78ms > success: 7, read 73 bytes for: 94ms > success: 8, read 73 bytes for: 78ms > success: 9, read 73 bytes for: 94ms > success: 10, read 73 bytes for: 94ms > > Apache Tomcat 9.0.12/Http11NioProtocol/OpenSSL 1.0.2o > 18-Mar-2019 14:31:42.476 INFO [main] > org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded > APR based Apache Tomcat Native library [1.2.17] using APR version > [1.6.3]. > 18-Mar-2019 14:31:42.476 INFO [main] > org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR > capabilities: IPv6 [true], sendfile [true], accept filters [false], > random [true]. > 18-Mar-2019 14:31:42.476 INFO [main] > org.apache.catalina.core.AprLifecycleListener.lifecycleEvent > APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true] > 18-Mar-2019 14:31:43.492 INFO [main] > org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL > successfully initialized [OpenSSL 1.0.2o 27 Mar 2018] > 18-Mar-2019 14:31:43.726 INFO [main] > org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler > ["http-nio2-80"] > 18-Mar-2019 14:31:43.758 INFO [main] > org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler > ["https-openssl-nio-443"] > 18-Mar-2019 14:31:44.336 INFO [main] > org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a > shared selector for servlet write/read > 18-Mar-2019 14:31:44.351 INFO [main] > org.apache.catalina.startup.Catalina.load Initialization processed in > 2483 ms > 18-Mar-2019 14:31:44.383 INFO [main] > org.apache.catalina.core.StandardService.startInternal Starting > service [Catalina] > 18-Mar-2019 14:31:44.383 INFO [main] > org.apache.catalina.core.StandardEngine.startInternal Starting Servlet > Engine: Apache Tomcat/9.0.12 > success: 1, read 73 bytes for: 109ms > success: 2, read 73 bytes for: 78ms > success: 3, read 73 bytes for: 78ms > success: 4, read 73 bytes for: 94ms > success: 5, read 73 bytes for: 78ms > success: 6, read 73 bytes for: 78ms > success: 7, read 73 bytes for: 78ms > success: 8, read 73 bytes for: 78ms > success: 9, read 73 bytes for: 78ms > success: 10, read 73 bytes for: 94ms > > Apache Tomcat 9.0.16/Http11NioProtocol/OpenSSL 1.1.1a > 18-Mar-2019 14:37:12.000 INFO [main] > org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded > APR based Apache Tomcat Native library [1.2.21] using APR version > [1.6.5]. > 18-Mar-2019 14:37:12.000 INFO [main] > org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR > capabilities: IPv6 [true], sendfile [true], accept filters [false], > random [true]. > 18-Mar-2019 14:37:12.000 INFO [main] > org.apache.catalina.core.AprLifecycleListener.lifecycleEvent > APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true] > 18-Mar-2019 14:37:12.000 INFO [main] > org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL > successfully initialized [OpenSSL 1.1.1a 20 Nov 2018] > 18-Mar-2019 14:37:12.203 INFO [main] > org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler > ["http-nio2-80"] > 18-Mar-2019 14:37:12.219 INFO [main] > org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler > ["https-openssl-nio-443"] > 18-Mar-2019 14:37:12.797 INFO [main] > org.apache.catalina.startup.Catalina.load Server initialization in > [1,497] milliseconds > 18-Mar-2019 14:37:12.844 INFO [main] > org.apache.catalina.core.StandardService.startInternal Starting > service [Catalina] > 18-Mar-2019 14:37:12.844 INFO [main] > org.apache.catalina.core.StandardEngine.startInternal Starting Servlet > engine: [Apache Tomcat/9.0.16] > success: 1, read 73 bytes for: 78ms > success: 2, read 73 bytes for: 218ms > success: 3, read 73 bytes for: 203ms > success: 4, read 73 bytes for: 203ms > success: 5, read 73 bytes for: 203ms > success: 6, read 73 bytes for: 203ms > success: 7, read 73 bytes for: 203ms > success: 8, read 73 bytes for: 202ms > success: 9, read 73 bytes for: 187ms > success: 10, read 73 bytes for: 187ms > > Apache Tomcat 9.0.17/Http11NioProtocol/OpenSSL 1.1.1a > 18-Mar-2019 14:40:17.879 INFO [main] > org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded > APR based Apache Tomcat Native library [1.2.21] using APR version > [1.6.5]. > 18-Mar-2019 14:40:17.879 INFO [main] > org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR > capabilities: IPv6 [true], sendfile [true], accept filters [false], > random [true]. > 18-Mar-2019 14:40:17.879 INFO [main] > org.apache.catalina.core.AprLifecycleListener.lifecycleEvent > APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true] > 18-Mar-2019 14:40:17.926 INFO [main] > org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL > successfully initialized [OpenSSL 1.1.1a 20 Nov 2018] > 18-Mar-2019 14:40:18.098 INFO [main] > org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler > ["http-nio2-80"] > 18-Mar-2019 14:40:18.129 INFO [main] > org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler > ["https-openssl-nio-443"] > 18-Mar-2019 14:40:18.645 INFO [main] > org.apache.catalina.startup.Catalina.load Server initialization in > [1,449] milliseconds > 18-Mar-2019 14:40:18.692 INFO [main] > org.apache.catalina.core.StandardService.startInternal Starting > service [Catalina] > 18-Mar-2019 14:40:18.692 INFO [main] > org.apache.catalina.core.StandardEngine.startInternal Starting Servlet > engine: [Apache Tomcat/9.0.17] > success: 1, read 73 bytes for: 109ms > success: 2, read 73 bytes for: 218ms > success: 3, read 73 bytes for: 203ms > success: 4, read 73 bytes for: 203ms > success: 5, read 73 bytes for: 187ms > success: 6, read 73 bytes for: 203ms > success: 7, read 73 bytes for: 187ms > success: 8, read 73 bytes for: 187ms > success: 9, read 73 bytes for: 203ms > success: 10, read 73 bytes for: 203ms > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
