You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Pierre Chiu <pc...@gmail.com> on 2018/01/29 12:03:04 UTC
Tomcat 8.5.27 HTTP/2 connector not supporting GZIP compression
According to the change log, this is fixed in in bug 60276. However, I cannot make it work.
Gzip compression working fine without the UpgradeProtocol tag.
Adding UpgradeProtocol for http2 and gzip compression stop working.
<Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
SSLEnabled="true" scheme="https" secure="true"
maxHttpHeaderSize="32767"
maxThreads="150"
URIEncoding="UTF-8"
compression="on"
useSendfile="off"
defaultSSLHostConfigName="*. xxxxxxxx.ca"
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"
compression="on"
compressibleMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/json,application/xml"
compressionMinSize="0"
/>
<SSLHostConfig hostName="*.xxxxxxxx.ca"
disableSessionTickets="true"
ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
TLS_ECDH_RSA_WITH_RC4_128_SHA,
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_EMPTY_RENEGOTIATION_INFO_SCSVF"
>
<Certificate
CertificateFile="${catalina.home}\conf\ssl\ xxxxxxxx.ca.crt"
CertificateKeyFile="${catalina.home}\conf\ssl\ xxxxxxxx.ca.pem"
CertificateChainFile="${catalina.home}\conf\ssl\gd_bundle-g2-g1.crt"
type="RSA" />
</SSLHostConfig>
</Connector>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat 8.5.27 HTTP/2 connector not supporting GZIP compression
Posted by Pierre Chiu <pc...@gmail.com>.
> On Jan 29, 2018, at 1:27 PM, Christopher Schultz <ch...@christopherschultz.net> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Pierre,
>
> On 1/29/18 1:07 PM, Pierre Chiu wrote:
>> Here is the request/response header. You can tell
>> Content-Encoding:gzip is missing when http2 is enabled.
>>
>>
>>
>> General (same with/without http2) Request
>> URL:https://xxxxxxxxx.ca/tomcat.css Request Method:GET Status
>> Code:200 Remote Address:198.163.180.42:443 Referrer
>> Policy:no-referrer-when-downgrade
>>
>>
>> Request Headers (same with/without http2)
>> Accept:text/css,*/*;q=0.1 Accept-Encoding:gzip, deflate, br
>> Accept-Language:en-US,en;q=0.9,zh-TW;q=0.8,zh;q=0.7
>> Cache-Control:no-cache Connection:keep-alive
>> Cookie:_ga=GA1.2.1536574675.1508533871; __utmc=29525935;
>> __utmz=29525935.1508478784.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=
> (none);
>> __utma=29525935.990581674.1508478784.1516634493.1516996006.24
>> DNT:1 Host:xxxxxxxxx.ca Pragma:no-cache
>> Referer:https://xxxxxxxxx.ca/index.jsp User-Agent:Mozilla/5.0
>> (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/537.36 (KHTML, like
>> Gecko) Chrome/63.0.3239.132 Safari/537.36
>>
>>
>> Response Headers (without http2) Accept-Ranges:bytes
>> Content-Encoding:gzip Content-Type:text/css Date:Mon, 29 Jan 2018
>> 17:55:59 GMT ETag:W/"5931-1516324390000" Last-Modified:Fri, 19 Jan
>> 2018 01:13:10 GMT
>> Strict-Transport-Security:max-age=31536000;includeSubDomains
>> Transfer-Encoding:chunked Vary:Accept-Encoding
>> X-Content-Type-Options:nosniff X-Frame-Options:SAMEORIGIN
>> X-XSS-Protection:1; mode=block
>>
>>
>> Response Headers (with http2) accept-ranges:bytes
>> content-type:text/css date:Mon, 29 Jan 2018 18:03:06 GMT
>> etag:W/"5931-1516324390000" last-modified:Fri, 19 Jan 2018 01:13:10
>> GMT status:200
>> strict-transport-security:max-age=31536000;includeSubDomains
>> x-content-type-options:nosniff x-frame-options:SAMEORIGIN
>> x-xss-protection:1; mode=block
>>
>>
>>
>>> On Jan 29, 2018, at 9:49 AM, Christopher Schultz
>>> <ch...@christopherschultz.net> wrote:
>>>
>> Pierre,
>>
>> On 1/29/18 7:03 AM, Pierre Chiu wrote:
>>>>> According to the change log, this is fixed in in bug 60276.
>>>>> However, I cannot make it work.
>>>>>
>>>>> Gzip compression working fine without the UpgradeProtocol
>>>>> tag. Adding UpgradeProtocol for http2 and gzip compression
>>>>> stop working.
>>>>>
>>>>>
>>>>> <Connector port="443"
>>>>> protocol="org.apache.coyote.http11.Http11AprProtocol"
>>>>> SSLEnabled="true" scheme="https" secure="true"
>>>>> maxHttpHeaderSize="32767" maxThreads="150"
>>>>> URIEncoding="UTF-8" compression="on" useSendfile="off"
>>>>> defaultSSLHostConfigName="*. xxxxxxxx.ca"
>>>>>
>>>>> <UpgradeProtocol
>>>>> className="org.apache.coyote.http2.Http2Protocol"
>>>>> compression="on"
>>>>> compressibleMimeType="text/html,text/xml,text/plain,text/css,text/j
> ava
>>
>>>>>
> script,application/javascript,application/json,application/xml"
>>>>>
>>>>>
>> compressionMinSize="0"
>>>>> />
>
> Are you making requests directly to Tomcat, or is there a reverse
> proxy in between?
>
> Is is possible that a servlet other than the DefaultServlet is
> handling the request?
>
> - -chris
>
Hi Chris,
There is no proxy. I have tried again on the same box using localhost and then result is still the same, when http2 is enabled, gzip not working.
I have no other Servlet, but I have enabled HSTS in web.xml all the time (with or without http2).
<filter>
<filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>antiClickJackingOption</param-name>
<param-value>SAMEORIGIN</param-value>
</init-param>
<init-param>
<param-name>hstsMaxAgeSeconds</param-name>
<param-value>31536000</param-value>
</init-param>
<init-param>
<param-name>hstsIncludeSubDomains</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>httpHeaderSecurity</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat 8.5.27 HTTP/2 connector not supporting GZIP compression
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Pierre,
On 1/29/18 1:07 PM, Pierre Chiu wrote:
> Here is the request/response header. You can tell
> Content-Encoding:gzip is missing when http2 is enabled.
>
>
>
> General (same with/without http2) Request
> URL:https://xxxxxxxxx.ca/tomcat.css Request Method:GET Status
> Code:200 Remote Address:198.163.180.42:443 Referrer
> Policy:no-referrer-when-downgrade
>
>
> Request Headers (same with/without http2)
> Accept:text/css,*/*;q=0.1 Accept-Encoding:gzip, deflate, br
> Accept-Language:en-US,en;q=0.9,zh-TW;q=0.8,zh;q=0.7
> Cache-Control:no-cache Connection:keep-alive
> Cookie:_ga=GA1.2.1536574675.1508533871; __utmc=29525935;
> __utmz=29525935.1508478784.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=
(none);
> __utma=29525935.990581674.1508478784.1516634493.1516996006.24
> DNT:1 Host:xxxxxxxxx.ca Pragma:no-cache
> Referer:https://xxxxxxxxx.ca/index.jsp User-Agent:Mozilla/5.0
> (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/537.36 (KHTML, like
> Gecko) Chrome/63.0.3239.132 Safari/537.36
>
>
> Response Headers (without http2) Accept-Ranges:bytes
> Content-Encoding:gzip Content-Type:text/css Date:Mon, 29 Jan 2018
> 17:55:59 GMT ETag:W/"5931-1516324390000" Last-Modified:Fri, 19 Jan
> 2018 01:13:10 GMT
> Strict-Transport-Security:max-age=31536000;includeSubDomains
> Transfer-Encoding:chunked Vary:Accept-Encoding
> X-Content-Type-Options:nosniff X-Frame-Options:SAMEORIGIN
> X-XSS-Protection:1; mode=block
>
>
> Response Headers (with http2) accept-ranges:bytes
> content-type:text/css date:Mon, 29 Jan 2018 18:03:06 GMT
> etag:W/"5931-1516324390000" last-modified:Fri, 19 Jan 2018 01:13:10
> GMT status:200
> strict-transport-security:max-age=31536000;includeSubDomains
> x-content-type-options:nosniff x-frame-options:SAMEORIGIN
> x-xss-protection:1; mode=block
>
>
>
>> On Jan 29, 2018, at 9:49 AM, Christopher Schultz
>> <ch...@christopherschultz.net> wrote:
>>
> Pierre,
>
> On 1/29/18 7:03 AM, Pierre Chiu wrote:
>>>> According to the change log, this is fixed in in bug 60276.
>>>> However, I cannot make it work.
>>>>
>>>> Gzip compression working fine without the UpgradeProtocol
>>>> tag. Adding UpgradeProtocol for http2 and gzip compression
>>>> stop working.
>>>>
>>>>
>>>> <Connector port="443"
>>>> protocol="org.apache.coyote.http11.Http11AprProtocol"
>>>> SSLEnabled="true" scheme="https" secure="true"
>>>> maxHttpHeaderSize="32767" maxThreads="150"
>>>> URIEncoding="UTF-8" compression="on" useSendfile="off"
>>>> defaultSSLHostConfigName="*. xxxxxxxx.ca"
>>>>
>>>> <UpgradeProtocol
>>>> className="org.apache.coyote.http2.Http2Protocol"
>>>> compression="on"
>>>> compressibleMimeType="text/html,text/xml,text/plain,text/css,text/j
ava
>
>>>>
script,application/javascript,application/json,application/xml"
>>>>
>>>>
> compressionMinSize="0"
>>>> />
Are you making requests directly to Tomcat, or is there a reverse
proxy in between?
Is is possible that a servlet other than the DefaultServlet is
handling the request?
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlpvZ5cdHGNocmlzQGNo
cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFjEPw//RpcMamGqoMW2Z5P0
x3cgjvriPpSIDfeG0iS8g+sQqbv4okrPGvftlzBd/7pjF4cGM2iUTNryyTXaLNmy
I61t8l0IMT8oCJpPhcRFar47F4+ftgN1GhfSm6yecFEVS8sZoDi5pK/CGZDsAu0s
JrObk2Rtsq4QiiFtL+X3kzixXaEdUBTPet2CukFR3fTIWlXDwaNzD2BO2bF87amg
2jTwiBGuRMAhwThiY0hdVMX1tjE+7poIlNntags3OCs0yOYq6/GAOQWL6AJwIm71
45cTmZ7IvzKNQG8YmUyXbYyMugCMZ41nbeXks0bEIvdf93AxBTEFaB8K1vOfKJ/R
zD4puW3p43wCc4m7IfhzM6P+ETqLLPHjJ37ygBNEvV9/q/sOk6adzVJ1MGkHBPps
HprBejOmBXWZggKZ5m/5uyhzHB46ucN59BbQdqeWRwjiY65PNB/KxT0JpHyQcSxZ
kKfmaFwdpq/4JI/HQ9wAbteEaEsiVqNlTzUjRmId4opsq1kZlYKOuNfl5uH3k9CW
ntfMMvQ7L5TBhWmO7yZTwMY0phZEvx51o9cwhV2RgAstUHKGANKA6SvwSezu9dex
Fp6+9MxsBBkG8Vfq0ceYtxPzT69Dlw+JlzaUb/g4aoc9eDvDnEbEi3iQ0sFkujy/
f2GJAq7dM/56dIxzhp9k+0fQYFo=
=hN1Q
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat 8.5.27 HTTP/2 connector not supporting GZIP compression
Posted by Pierre Chiu <pc...@gmail.com>.
Hi Christopher,
Here is the request/response header. You can tell Content-Encoding:gzip is missing when http2 is enabled.
General (same with/without http2)
Request URL:https://xxxxxxxxx.ca/tomcat.css
Request Method:GET
Status Code:200
Remote Address:198.163.180.42:443
Referrer Policy:no-referrer-when-downgrade
Request Headers (same with/without http2)
Accept:text/css,*/*;q=0.1
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.9,zh-TW;q=0.8,zh;q=0.7
Cache-Control:no-cache
Connection:keep-alive
Cookie:_ga=GA1.2.1536574675.1508533871; __utmc=29525935; __utmz=29525935.1508478784.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=29525935.990581674.1508478784.1516634493.1516996006.24
DNT:1
Host:xxxxxxxxx.ca
Pragma:no-cache
Referer:https://xxxxxxxxx.ca/index.jsp
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
Response Headers (without http2)
Accept-Ranges:bytes
Content-Encoding:gzip
Content-Type:text/css
Date:Mon, 29 Jan 2018 17:55:59 GMT
ETag:W/"5931-1516324390000"
Last-Modified:Fri, 19 Jan 2018 01:13:10 GMT
Strict-Transport-Security:max-age=31536000;includeSubDomains
Transfer-Encoding:chunked
Vary:Accept-Encoding
X-Content-Type-Options:nosniff
X-Frame-Options:SAMEORIGIN
X-XSS-Protection:1; mode=block
Response Headers (with http2)
accept-ranges:bytes
content-type:text/css
date:Mon, 29 Jan 2018 18:03:06 GMT
etag:W/"5931-1516324390000"
last-modified:Fri, 19 Jan 2018 01:13:10 GMT
status:200
strict-transport-security:max-age=31536000;includeSubDomains
x-content-type-options:nosniff
x-frame-options:SAMEORIGIN
x-xss-protection:1; mode=block
> On Jan 29, 2018, at 9:49 AM, Christopher Schultz <ch...@christopherschultz.net> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Pierre,
>
> On 1/29/18 7:03 AM, Pierre Chiu wrote:
>> According to the change log, this is fixed in in bug 60276.
>> However, I cannot make it work.
>>
>> Gzip compression working fine without the UpgradeProtocol tag.
>> Adding UpgradeProtocol for http2 and gzip compression stop
>> working.
>>
>>
>> <Connector port="443"
>> protocol="org.apache.coyote.http11.Http11AprProtocol"
>> SSLEnabled="true" scheme="https" secure="true"
>> maxHttpHeaderSize="32767" maxThreads="150" URIEncoding="UTF-8"
>> compression="on" useSendfile="off" defaultSSLHostConfigName="*.
>> xxxxxxxx.ca"
>>
>> <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"
>> compression="on"
>> compressibleMimeType="text/html,text/xml,text/plain,text/css,text/java
> script,application/javascript,application/json,application/xml"
>>
>>
> compressionMinSize="0"
>> />
>>
>> <SSLHostConfig hostName="*.xxxxxxxx.ca"
>> disableSessionTickets="true"
>> ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
>> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
>> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
>> TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
>> TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
>> TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
>> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
>> TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
>> TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
>> TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
>> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
>> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
>> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
>> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
>> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
>> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
>> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
>> TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
>> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
>> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
>> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
>> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
>> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
>> TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
>> TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA,
>> TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
>> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
>> TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
>> TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
>> TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256,
>> TLS_EMPTY_RENEGOTIATION_INFO_SCSVF"
>>>
>> <Certificate CertificateFile="${catalina.home}\conf\ssl\
>> xxxxxxxx.ca.crt" CertificateKeyFile="${catalina.home}\conf\ssl\
>> xxxxxxxx.ca.pem"
>> CertificateChainFile="${catalina.home}\conf\ssl\gd_bundle-g2-g1.crt"
>>
>>
> type="RSA" />
>> </SSLHostConfig> </Connector>
>
>
> What does your request look like? Complete headers are important. What
> does the response look like? Only the headers are important.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlpvNJQdHGNocmlzQGNo
> cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFiI3g/+L0hTRObxnmFWwrHV
> ryUbfH0EhuyGnUWWf/ZLiCjY3c8jwIqg6YMqgSsId4dMIU+ivhJDMVczJ2ymzGeg
> loPBRsrOKwhIEFwvKKCEtVi6t6LCiv9NzMAv68wg/8BaTDJBYLXfl2VJ28onDbaG
> 7s43F0fqnxtv8tOhL9MT3YVRtosJoY8UeSp18Sl6DuYXVtWbK/Qmi3TMFE6uhEZY
> yHAkhu1fsWjfIns/PiVeWf6MK4rqXceW3gcsPC3JM0WA4QGttUfL2il0JD/ZXHtT
> 4oXvv+lajmFwAVLNOVxOmNBPlPzKh+hBMJMtcjHFHpsET+7aY8kYycVaVlNqLm1t
> +mXmzwXbFnuZlyrk3vk+2DWi3LE8Fh2Eej8vUhFWkxbxJcg2CcksMkc6CNahhyn5
> wOQWV7jKcfH0PlHALlS589TLMd0RAK1yy8atAQnoGHqH/YEZEE+CKj9O4o19laSE
> rueZ8F09GZkz6bMlVqVbZRb9oMEedm28IGjhc4mZurxADr+Uug8zPL60Sxc4EMiL
> RRfLi1MMLH206A9/R3qNUZXmN86hyHu3TArpvaonoGQqO98ZPKWIc1VYKxJD3OZb
> TYeWHfIRWQGn/wVNgxUhAQw+RYvsif0tSlvCaXpC8NpuSCzhO+VxVplJ5l9vyXTj
> eY1BiUNphjOdRtsBTbhSk18NtnQ=
> =sxAm
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat 8.5.27 HTTP/2 connector not supporting GZIP compression
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Pierre,
On 1/29/18 7:03 AM, Pierre Chiu wrote:
> According to the change log, this is fixed in in bug 60276.
> However, I cannot make it work.
>
> Gzip compression working fine without the UpgradeProtocol tag.
> Adding UpgradeProtocol for http2 and gzip compression stop
> working.
>
>
> <Connector port="443"
> protocol="org.apache.coyote.http11.Http11AprProtocol"
> SSLEnabled="true" scheme="https" secure="true"
> maxHttpHeaderSize="32767" maxThreads="150" URIEncoding="UTF-8"
> compression="on" useSendfile="off" defaultSSLHostConfigName="*.
> xxxxxxxx.ca"
>
> <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"
> compression="on"
> compressibleMimeType="text/html,text/xml,text/plain,text/css,text/java
script,application/javascript,application/json,application/xml"
>
>
compressionMinSize="0"
> />
>
> <SSLHostConfig hostName="*.xxxxxxxx.ca"
> disableSessionTickets="true"
> ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
> TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
> TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
> TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
> TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
> TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
> TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
> TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
> TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
> TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
> TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA,
> TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
> TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
> TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256,
> TLS_EMPTY_RENEGOTIATION_INFO_SCSVF"
>>
> <Certificate CertificateFile="${catalina.home}\conf\ssl\
> xxxxxxxx.ca.crt" CertificateKeyFile="${catalina.home}\conf\ssl\
> xxxxxxxx.ca.pem"
> CertificateChainFile="${catalina.home}\conf\ssl\gd_bundle-g2-g1.crt"
>
>
type="RSA" />
> </SSLHostConfig> </Connector>
What does your request look like? Complete headers are important. What
does the response look like? Only the headers are important.
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlpvNJQdHGNocmlzQGNo
cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFiI3g/+L0hTRObxnmFWwrHV
ryUbfH0EhuyGnUWWf/ZLiCjY3c8jwIqg6YMqgSsId4dMIU+ivhJDMVczJ2ymzGeg
loPBRsrOKwhIEFwvKKCEtVi6t6LCiv9NzMAv68wg/8BaTDJBYLXfl2VJ28onDbaG
7s43F0fqnxtv8tOhL9MT3YVRtosJoY8UeSp18Sl6DuYXVtWbK/Qmi3TMFE6uhEZY
yHAkhu1fsWjfIns/PiVeWf6MK4rqXceW3gcsPC3JM0WA4QGttUfL2il0JD/ZXHtT
4oXvv+lajmFwAVLNOVxOmNBPlPzKh+hBMJMtcjHFHpsET+7aY8kYycVaVlNqLm1t
+mXmzwXbFnuZlyrk3vk+2DWi3LE8Fh2Eej8vUhFWkxbxJcg2CcksMkc6CNahhyn5
wOQWV7jKcfH0PlHALlS589TLMd0RAK1yy8atAQnoGHqH/YEZEE+CKj9O4o19laSE
rueZ8F09GZkz6bMlVqVbZRb9oMEedm28IGjhc4mZurxADr+Uug8zPL60Sxc4EMiL
RRfLi1MMLH206A9/R3qNUZXmN86hyHu3TArpvaonoGQqO98ZPKWIc1VYKxJD3OZb
TYeWHfIRWQGn/wVNgxUhAQw+RYvsif0tSlvCaXpC8NpuSCzhO+VxVplJ5l9vyXTj
eY1BiUNphjOdRtsBTbhSk18NtnQ=
=sxAm
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org