I am enabling SSL debugging this morning. I did catch this in the log for
an instance that started erroring out this morning. Seems like it may be
too generic to help solve my problem. Here it is:

24-May-2021 09:25:44.609 SEVERE [catalina-exec-51] org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
java.lang.NullPointerException
at org.bouncycastle.crypto.signers.PSSSigner.generateSignature(Unknown Source)
at org.bouncycastle.jce.provider.JDKPSSSigner.engineSign(Unknown Source)
at java.security.Signature$Delegate.engineSign(Signature.java:1382)
at java.security.Signature.sign(Signature.java:698)
at sun.security.ssl.CertificateVerify$T13CertificateVerifyMessage.<init>(CertificateVerify.java:931)
at sun.security.ssl.CertificateVerify$T13CertificateVerifyProducer.onProduceCertificateVerify(CertificateVerify.java:1105)
at sun.security.ssl.CertificateVerify$T13CertificateVerifyProducer.produce(CertificateVerify.java:1098)
at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:420)
at sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1096)
at sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1032)
at sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:716)
at sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:683)
at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:376)
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:983)
at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:970)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:917)
at org.apache.tomcat.util.net.SecureNioChannel.tasks(SecureNioChannel.java:432)
at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:496)
at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:237)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1611)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)


I will let you know what I find in the debug. It may be a while because the
instance works fine initially.

-- Ez


On Thu, May 20, 2021 at 10:55 AM <john.e.gr...@wellsfargo.com.invalid>
wrote:

> It's "ssl,handshake."
>
>
> > -----Original Message-----
> > From: Ezsra McDonald <ezsra.mcdon...@gmail.com>
> > Sent: Thursday, May 20, 2021 10:43 AM
> > To: Tomcat Users List <users@tomcat.apache.org>
> > Subject: Re: Tomcat SSL stops working after an undetermined amount of
> > time
> >
> > Mark,
> >
> > Thanks for your response.
> >
> > I did not see anything in the logs. This morning I added
> > '-Djava.net.debug=handshake' to my configuration. I did not see any SSL
> > debug information in my logs. Perhaps I did this wrong or need to use a
> > different argument?
> >
> > I expected the debug to be in the access log. Should I be looking
> > elsewhere?
> > I also checked other logs that had timestamps for after the instance was
> > restarted.
> >
> > -- Ez
> >
> > On Thu, May 20, 2021 at 3:05 AM Mark Thomas <ma...@apache.org> wrote:
> >
> > > On 19/05/2021 20:42, Ezsra McDonald wrote:
> > > > Environment:
> > > > OS: CentOS 7
> > > > Apache: apache-tomcat-8.5.65
> > > > Java: jdk1.8.0_281
> > > >
> > > > Greetings,
> > > >
> > > > I recently enabled SSL on my Tomcat server HTTP connectors.
> > > > Something odd is happening. After some undetermined amount of time
> > > > the connector stops responding appropriately to requests. My browser
> > > > returns the following
> > > > message:
> > > >
> > > > "An error occurred during a connection to target.host.com:8080. SSL
> > > > received a malformed Alert record.
> > > >
> > > > Error code: SSL_ERROR_RX_MALFORMED_ALERT "
> > > > I do not see anything in the logs to clue me in on what is happening.
> > > >
> > > > I have the following configured for the connector.
> > > > <Connector executor="tomcatThreadPool"
> > > >         port="${http.port}"
> > > >         protocol="org.apache.coyote.http11.Http11NioProtocol"
> > > >         maxThreads="50" enableLookups="false" acceptCount="100"
> > > >         server="Apache"
> > > >         SSLEnabled="true" scheme="https" secure="true"
> > > >         clientAuth="false" sslProtocol="TLSv1.2"
> > > >         keystoreFile="/opt/tomcat/ssl/tomcat_ssl.jks"
> > > >         keyAlias="tomcat"
> > > >         keystorePass="**************"
> > > >         connectionTimeout="20000"/>
> > > >
> > > > When I restart the instance everything works fine for a while.
> > > > Later, when I try to look at the tomcat manager, SSL is no longer
> > > > functioning properly.
> > > >
> > > > Any assistance would be appreciated.
> > >
> > > Anything in the access logs?
> > >
> > > Enable TLS debug logging in the JVM Tomcat is using. You'll get a lot
> > > of data but you'll be able to see exactly what is happening.
> > >
> > > Mark
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > > For additional commands, e-mail: users-h...@tomcat.apache.org
> > >
> > >
>
>
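
The stack trace at the top of this message shows the TLS 1.3 CertificateVerify signature being delegated through java.security.Signature to a Bouncy Castle PSS signer. As an added example (not code from this thread; the class name PssProviderCheck is hypothetical), this Java diagnostic lists the registered JCA providers in preference order, marks those offering an RSASSA-PSS Signature, and prints the javax.net.debug value the JVM actually sees. It assumes the JSSE lookup uses the algorithm name RSASSA-PSS.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;

// Added diagnostic, not code from this thread. PssProviderCheck is a hypothetical name.
public class PssProviderCheck {

    /** Reports the JSSE debug property and, in preference order, who offers RSASSA-PSS. */
    public static String report() {
        StringBuilder out = new StringBuilder();

        // JSSE reads the javax.net.debug system property; its output is written to
        // the JVM's console streams, not to Tomcat's access log.
        out.append("javax.net.debug = ")
           .append(System.getProperty("javax.net.debug", "<not set>"))
           .append(System.lineSeparator());

        // With no provider named by the caller, JCA walks this list in order.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            // Assumption: RSASSA-PSS is the algorithm name requested during the handshake.
            Provider.Service svc = providers[i].getService("Signature", "RSASSA-PSS");
            out.append(String.format("%2d  %-14s %s%n", i + 1, providers[i].getName(),
                    svc == null ? "-" : svc.getClassName()));
        }

        // First provider an unqualified lookup settles on before any key is supplied.
        try {
            Signature sig = Signature.getInstance("RSASSA-PSS");
            out.append("Signature.getInstance(\"RSASSA-PSS\") -> ")
               .append(sig.getProvider().getName());
        } catch (NoSuchAlgorithmException e) {
            out.append("RSASSA-PSS is not offered by any registered provider");
        }
        return out.append(System.lineSeparator()).toString();
    }

    public static void main(String[] args) {
        System.out.print(report());
    }
}
```

Providers registered at runtime with Security.addProvider exist only inside that JVM, so call report() from code running in Tomcat (a JSP, for instance) to see what the connector sees; running main() separately only reflects the static java.security configuration.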
