I am enabling SSL debugging this morning. I did catch this in the log for an instance that started erroring out this morning. Seems like it may be too generic to help solve my problem. Here it is:
24-May-2021 09:25:44.609 SEVERE [catalina-exec-51] org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
java.lang.NullPointerException
    at org.bouncycastle.crypto.signers.PSSSigner.generateSignature(Unknown Source)
    at org.bouncycastle.jce.provider.JDKPSSSigner.engineSign(Unknown Source)
    at java.security.Signature$Delegate.engineSign(Signature.java:1382)
    at java.security.Signature.sign(Signature.java:698)
    at sun.security.ssl.CertificateVerify$T13CertificateVerifyMessage.<init>(CertificateVerify.java:931)
    at sun.security.ssl.CertificateVerify$T13CertificateVerifyProducer.onProduceCertificateVerify(CertificateVerify.java:1105)
    at sun.security.ssl.CertificateVerify$T13CertificateVerifyProducer.produce(CertificateVerify.java:1098)
    at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:420)
    at sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1096)
    at sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1032)
    at sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:716)
    at sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:683)
    at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:376)
    at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
    at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:983)
    at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:970)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:917)
    at org.apache.tomcat.util.net.SecureNioChannel.tasks(SecureNioChannel.java:432)
    at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:496)
    at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:237)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1611)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)

I will let you know what I find in the debug. It may be a while because the instance works fine initially.

-- Ez

On Thu, May 20, 2021 at 10:55 AM <john.e.gr...@wellsfargo.com.invalid> wrote:

> It's "ssl,handshake."
>
> > -----Original Message-----
> > From: Ezsra McDonald <ezsra.mcdon...@gmail.com>
> > Sent: Thursday, May 20, 2021 10:43 AM
> > To: Tomcat Users List <users@tomcat.apache.org>
> > Subject: Re: Tomcat SSL stops working after an undetermined amount of time
> >
> > Mark,
> >
> > Thanks for your response.
> >
> > I did not see anything in the logs. This morning I added
> > '-Djava.net.debug=handshake' to my configuration. I did not see any SSL
> > debug information in my logs. Perhaps I did this wrong or need to use a
> > different argument?
> >
> > I expected the debug to be in the access log. Should I be looking elsewhere?
> > I also checked other logs that had timestamps for after the instance was
> > restarted.
> >
> > -- Ez
> >
> > On Thu, May 20, 2021 at 3:05 AM Mark Thomas <ma...@apache.org> wrote:
> >
> > > On 19/05/2021 20:42, Ezsra McDonald wrote:
> > > > Environment:
> > > > OS: CentOS 7
> > > > Apache: apache-tomcat-8.5.65
> > > > Java: jdk1.8.0_281
> > > >
> > > > Greetings,
> > > >
> > > > I recently enabled SSL on my Tomcat server HTTP connectors.
> > > > Something odd is happening. After some undetermined amount of time
> > > > the connector stops responding appropriately to requests. My browser
> > > > returns the following message:
> > > >
> > > > "An error occurred during a connection to target.host.com:8080.
> > > > SSL received a malformed Alert record.
> > > >
> > > > Error code: SSL_ERROR_RX_MALFORMED_ALERT "
> > > > I do not see anything in the logs to clue me in on what is happening.
> > > >
> > > > I have the following configured for the connector.
> > > > <Connector executor="tomcatThreadPool"
> > > >            port="${http.port}"
> > > >            protocol="org.apache.coyote.http11.Http11NioProtocol"
> > > >            maxThreads="50" enableLookups="false" acceptCount="100"
> > > >            server="Apache"
> > > >            SSLEnabled="true" scheme="https" secure="true"
> > > >            clientAuth="false" sslProtocol="TLSv1.2"
> > > >            keystoreFile="/opt/tomcat/ssl/tomcat_ssl.jks"
> > > >            keyAlias="tomcat"
> > > >            keystorePass="**************"
> > > >            connectionTimeout="20000"/>
> > > >
> > > > When I restart the instance everything works fine for a while.
> > > > Later, when I try to look at the tomcat manager, SSL is no longer
> > > > functioning properly.
> > > >
> > > > Any assistance would be appreciated.
> > >
> > > Anything in the access logs?
> > >
> > > Enable TLS debug logging in the JVM Tomcat is using. You'll get a lot
> > > of data but you'll be able to see exactly what is happening.
> > >
> > > Mark
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > > For additional commands, e-mail: users-h...@tomcat.apache.org
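
Added example, not part of the original thread: in the stack trace at the top of this message the signature for the TLS 1.3 CertificateVerify message is produced by an org.bouncycastle class, so a useful check is which JCA provider the JVM picks for the signature algorithms a handshake needs. The class name SignatureProviderReport and the algorithm list are assumptions made for this example; run it inside the Tomcat JVM (for example by calling report() from a JSP), since providers can also be registered at runtime.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;

/**
 * Added diagnostic (hypothetical class, not from the thread): lists the JCA
 * providers of the JVM it runs in, in preference order, and shows which one
 * answers a by-name request for common TLS signature algorithms.
 */
public class SignatureProviderReport {

    // Standard JCA algorithm names; RSASSA-PSS is the RSA-PSS signature
    // family, matching the PSS signer classes in the stack trace.
    private static final String[] ALGORITHMS = {
        "RSASSA-PSS", "SHA256withRSA", "SHA256withECDSA"
    };

    public static String report() {
        StringBuilder out = new StringBuilder();
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            Provider p = providers[i];
            out.append(String.format("%2d. %-12s %s%n",
                    i + 1, p.getName(), p.getClass().getName()));
            for (String alg : ALGORITHMS) {
                if (p.getService("Signature", alg) != null) {
                    out.append("      offers Signature.").append(alg).append('\n');
                }
            }
        }
        for (String alg : ALGORITHMS) {
            try {
                // Before any key is supplied, getProvider() resolves to the
                // first registered provider that supplies the algorithm.
                Provider chosen = Signature.getInstance(alg).getProvider();
                out.append(alg).append(" -> ").append(chosen.getName()).append('\n');
            } catch (NoSuchAlgorithmException e) {
                out.append(alg).append(" -> not available\n");
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        System.out.print(report());
    }
}
```

Comparing the output shortly after a restart with the output once the connector has started failing shows whether the provider list or its order changed in between.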