On 11/06/2021 21:01, Mark A. Claassen wrote:
RESOLVED. (Sort of, I have questions)
I had to add a -TLSv1.3
protocols="all -SSLv3 -TLSv1 -TLSv1.3"
https://stackoverflow.com/questions/57601284/java-11-and-12-ssl-sockets-fail-on-a-handshake-failure-error-with-tlsv1-3-enable
Why does the version of Tomcat matter? I thought OpenSSL was managing all this.
Where is the line between all them?
OpenSSL only does what it is told.
From the 9.0.x changelog
9.0.13
...
Add TLS 1.3 support for the APR/Native connector and the NIO/NIO2
connector when using the OpenSSL backed JSSE implementation.
...
Mark
Thanks,
Mark Claassen
Senior Software Engineer
Donnell Systems, Inc.
130 South Main Street
Leighton Plaza Suite 375
South Bend, IN 46601
E-mail: mailto:mclaas...@ocie.net
Voice: (574)232-3784
Fax: (574)232-4014
-------------------------------------------
Confidentiality Notice: OCIESERVICE
-------------------------------------------
The contents of this e-mail message and any attachments are intended solely for
the addressee(s) named in this message. This communication is intended to be
and to remain confidential. If you are not the intended recipient of this
message, or if this message has been addressed to you in error, please
immediately alert the sender by reply e-mail and then delete this message and
its attachments. Do not deliver, distribute, copy, disclose the contents or
take any action in reliance upon the information contained in the communication
or any attachments.
-----Original Message-----
From: Mark A. Claassen <mclaas...@ocie.net>
Sent: Friday, June 11, 2021 3:42 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: RE: Strange connection error
I have tried so many things, I am getting a bit confused. :)
The exception was probably using the NIO connector. With the APR one I get:
FINER: Destroying socket [140,404,292,849,904] java.lang.Exception
at
org.apache.tomcat.util.net.AprEndpoint.destroySocketInternal(AprEndpoint.java:750)
at
org.apache.tomcat.util.net.AprEndpoint.access$200(AprEndpoint.java:80)
at org.apache.tomcat.util.net.AprEndpoint$P
Mark Claassen
Senior Software Engineer
Donnell Systems, Inc.
130 South Main Street
Leighton Plaza Suite 375
South Bend, IN 46601
E-mail: mailto:mclaas...@ocie.net
Voice: (574)232-3784
Fax: (574)232-4014
-------------------------------------------
Confidentiality Notice: OCIESERVICE
-------------------------------------------
The contents of this e-mail message and any attachments are intended solely for
the addressee(s) named in this message. This communication is intended to be
and to remain confidential. If you are not the intended recipient of this
message, or if this message has been addressed to you in error, please
immediately alert the sender by reply e-mail and then delete this message and
its attachments. Do not deliver, distribute, copy, disclose the contents or
take any action in reliance upon the information contained in the communication
or any attachments.
-----Original Message-----
From: Mark A. Claassen <mclaas...@ocie.net>
Sent: Friday, June 11, 2021 3:27 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Strange connection error
I turned all the logging to .FINEST, re-enabled the HTTP APR connector (which
produces the odd access log entry) and got this exception. Now, I just need to
figure out what caused this.
java.io.EOFException
at
org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper.fillReadBuffer(NioEndpoint.java:1345)
at
org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper.read(NioEndpoint.java:1255)
at
org.apache.coyote.http11.Http11InputBuffer.fill(Http11InputBuffer.java:799)
at
org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:359)
at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:261)
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1707)
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Also, I am not sure why OpenSSL is complaining about the keys when it did not
with the earlier version of Tomcat?
Jun 11, 2021 3:13:34 PM org.apache.tomcat.util.net.openssl.OpenSSLEngine
getLastError
FINE: OpenSSL error: [336462231] message: [error:140E0197:SSL
routines:SSL_shutdown:shutdown while in init] Jun 11, 2021 3:13:34 PM
org.apache.tomcat.util.net.openssl.OpenSSLEngine getLastError
FINE: OpenSSL error: [337604709] message: [error:141F7065:SSL
routines:final_key_share:no suitable key share]
Mark Claassen
Senior Software Engineer
Donnell Systems, Inc.
130 South Main Street
Leighton Plaza Suite 375
South Bend, IN 46601
E-mail: mailto:mclaas...@ocie.net
Voice: (574)232-3784
Fax: (574)232-4014
-------------------------------------------
Confidentiality Notice: OCIESERVICE
-------------------------------------------
The contents of this e-mail message and any attachments are intended solely for
the addressee(s) named in this message. This communication is intended to be
and to remain confidential. If you are not the intended recipient of this
message, or if this message has been addressed to you in error, please
immediately alert the sender by reply e-mail and then delete this message and
its attachments. Do not deliver, distribute, copy, disclose the contents or
take any action in reliance upon the information contained in the communication
or any attachments.
-----Original Message-----
From: calder <calder....@gmail.com>
Sent: Thursday, June 10, 2021 7:36 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: [Possible Spam] Re: Strange connection error
Importance: Low
On Thu, Jun 10, 2021, 15:11 Mark A. Claassen <mclaas...@ocie.net> wrote:
Anyway, I will do some research on the debugging technique mentioned
earlier.
https://support.f5.com/csp/article/K50557518
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
B KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKCB [
X ܚX KK[XZ[
\ \ ][ X ܚX P X ]
\X K ܙ B ܈Y][ۘ[ [X[ K[XZ[
\ \ Z[ X ]
\X K ܙ B
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org