You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Mark A. Claassen" <MC...@ocie.net> on 2021/06/10 15:37:52 UTC
Strange connection error
I just upgraded from 9.0.12 to 9.0.46. Everything seemed to go pretty smoothly, but I am getting a strange connection error from certain connections
We have several different things that connect to the webserver. Browsers connect fine. We have a monitoring script in Perl that works fine. However, a Java program, which worked fine under the old version of tomcat, can no longer connect.
The access log prints out very odd information. Right now it is configured as:
pattern="%{yyyy-MM-dd HH:mm:ss}t %H %h %m "%U" "%q" STATUS(%s) BYTES(%b) "%{User-Agent}i" "%{Referer}i&
quot; %I"/>
However the output for this failed connection is:
2021-06-10 11:21:19 null [[Actual IP address]] null "null" "" STATUS(400) BYTES(-) "-" "-" null
All other connections show in the access log as I would expect.
Does anyone have any idea what is going on here?
-----
Extra Information:
- I am using the APR connector and OpenSSL.
- I did not recompile any of the native libraries; they are still using the ones from 9.0.12.
- We have an Apache webserver we use as a reverse proxy. When connecting through that, things work.
- Wireshark has this to say about the failure:
TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Handshake Failure)
Content Type: Alert (21)
Length: 2
Alert Message
Level: Fatal (2)
Description: Handshake Failure (40)
Thanks for your time,
Mark
-----------------------------------
Mark Claassen
Senior Software Engineer
Donnell Systems, Inc.
130 South Main Street
Leighton Plaza Suite 375
South Bend, IN 46601
E-mail: mailto:mclaassen@ocie.net
Voice: (574)232-3784
Fax: (574)232-4014
Disclaimer:
The opinions provided herein do not necessarily state or reflect
those of Donnell Systems, Inc.(DSI). DSI makes no warranty for and
assumes no legal liability or responsibility for the posting.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Strange connection error
Posted by Mark Thomas <ma...@apache.org>.
On 10/06/2021 18:11, Mark A. Claassen wrote:
> Thanks for the reply.
>
> Is doesn't seem like OpenSSL is rejecting the connection. I would have thought that if OpenSSL would have rejected the connection, it would not hit even hit the access log. Maybe that is not the case.
>
> But, to answer your question, we did not upgrade the version of Java. We are using 1.8.0_265 on the server. The Java client did not change either.
Try using Wireshark with SSLKEYLOGFILE to look at the decrypted version.
You'll get a lot more info about what is going on. I think you'll need
to update Tomcat Native to do that though. I don't think Java supports
that env variable.
Mark
>
> ------------
>
> Mark Claassen
> Senior Software Engineer
>
> Donnell Systems, Inc.
> 130 South Main Street
> Leighton Plaza Suite 375
> South Bend, IN 46601
> E-mail: mailto:mclaassen@ocie.net
> Voice: (574)232-3784
> Fax: (574)232-4014
>
> Disclaimer:
> The opinions provided herein do not necessarily state or reflect
> those of Donnell Systems, Inc.(DSI). DSI makes no warranty for and
> assumes no legal liability or responsibility for the posting.
>
>
> -----Original Message-----
> From: jonmcalexander@wellsfargo.com.INVALID <jo...@wellsfargo.com.INVALID>
> Sent: Thursday, June 10, 2021 12:02 PM
> To: users@tomcat.apache.org
> Subject: [Possible Spam] RE: Strange connection error
> Importance: Low
>
> Is it a cypher issue? (noting the handshake issue). Did you also upgrade the Java at the same time?
>
> Dream * Excel * Explore * Inspire
> Jon McAlexander
> Infrastructure Engineer
> Asst Vice President
>
> Middleware Product Engineering
> Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions
>
> 8080 Cobblestone Rd | Urbandale, IA 50322
> MAC: F4469-010
> Tel 515-988-2508 | Cell 515-988-2508
>
> jonmcalexander@wellsfargo.com
>
> Upcoming PTO: 10/30/2020, 11/6/2020, 11/13/2020, 11/20/2020, 11/27/2020, 12/2/2020, 12/4/2020, 12/11/2020, 12/18/2020, 12/28/2020, 12/29/2020, 12/30/2020, 12/31/2020 This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
>
>
>> -----Original Message-----
>> From: Mark A. Claassen <MC...@ocie.net>
>> Sent: Thursday, June 10, 2021 10:38 AM
>> To: users@tomcat.apache.org
>> Subject: Strange connection error
>>
>> I just upgraded from 9.0.12 to 9.0.46. Everything seemed to go pretty
>> smoothly, but I am getting a strange connection error from certain
>> connections
>>
>> We have several different things that connect to the webserver.
>> Browsers connect fine. We have a monitoring script in Perl that works
>> fine. However, a Java program, which worked fine under the old
>> version of tomcat, can no longer connect.
>>
>> The access log prints out very odd information. Right now it is configured as:
>> pattern="%{yyyy-MM-dd HH:mm:ss}t %H %h %m "%U"
>> "%q" STATUS(%s) BYTES(%b) "%{User-Agent}i"
>> "%{Referer}i& quot; %I"/>
>>
>> However the output for this failed connection is:
>> 2021-06-10 11:21:19 null [[Actual IP address]] null "null" ""
>> STATUS(400) BYTES(-) "-" "-" null All other connections show in the
>> access log as I would expect.
>>
>> Does anyone have any idea what is going on here?
>> -----
>> Extra Information:
>> - I am using the APR connector and OpenSSL.
>> - I did not recompile any of the native libraries; they are still
>> using the ones from 9.0.12.
>> - We have an Apache webserver we use as a reverse proxy. When
>> connecting through that, things work.
>>
>> - Wireshark has this to say about the failure:
>>
>> TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Handshake
>> Failure)
>> Content Type: Alert (21)
>> Length: 2
>> Alert Message
>> Level: Fatal (2)
>> Description: Handshake Failure (40) Thanks for your time, Mark
>>
>> -----------------------------------
>> Mark Claassen
>> Senior Software Engineer
>>
>> Donnell Systems, Inc.
>> 130 South Main Street
>> Leighton Plaza Suite 375
>> South Bend, IN 46601
>> E-mail: mailto:mclaassen@ocie.net
>> Voice: (574)232-3784
>> Fax: (574)232-4014
>>
>> Disclaimer:
>> The opinions provided herein do not necessarily state or reflect those
>> of Donnell Systems, Inc.(DSI). DSI makes no warranty for and assumes
>> no legal liability or responsibility for the posting.
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Strange connection error
Posted by "Mark A. Claassen" <MC...@ocie.net>.
Thanks for the reply.
Is doesn't seem like OpenSSL is rejecting the connection. I would have thought that if OpenSSL would have rejected the connection, it would not hit even hit the access log. Maybe that is not the case.
But, to answer your question, we did not upgrade the version of Java. We are using 1.8.0_265 on the server. The Java client did not change either.
------------
Mark Claassen
Senior Software Engineer
Donnell Systems, Inc.
130 South Main Street
Leighton Plaza Suite 375
South Bend, IN 46601
E-mail: mailto:mclaassen@ocie.net
Voice: (574)232-3784
Fax: (574)232-4014
Disclaimer:
The opinions provided herein do not necessarily state or reflect
those of Donnell Systems, Inc.(DSI). DSI makes no warranty for and
assumes no legal liability or responsibility for the posting.
-----Original Message-----
From: jonmcalexander@wellsfargo.com.INVALID <jo...@wellsfargo.com.INVALID>
Sent: Thursday, June 10, 2021 12:02 PM
To: users@tomcat.apache.org
Subject: [Possible Spam] RE: Strange connection error
Importance: Low
Is it a cypher issue? (noting the handshake issue). Did you also upgrade the Java at the same time?
Dream * Excel * Explore * Inspire
Jon McAlexander
Infrastructure Engineer
Asst Vice President
Middleware Product Engineering
Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions
8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508
jonmcalexander@wellsfargo.com
Upcoming PTO: 10/30/2020, 11/6/2020, 11/13/2020, 11/20/2020, 11/27/2020, 12/2/2020, 12/4/2020, 12/11/2020, 12/18/2020, 12/28/2020, 12/29/2020, 12/30/2020, 12/31/2020 This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
> -----Original Message-----
> From: Mark A. Claassen <MC...@ocie.net>
> Sent: Thursday, June 10, 2021 10:38 AM
> To: users@tomcat.apache.org
> Subject: Strange connection error
>
> I just upgraded from 9.0.12 to 9.0.46. Everything seemed to go pretty
> smoothly, but I am getting a strange connection error from certain
> connections
>
> We have several different things that connect to the webserver.
> Browsers connect fine. We have a monitoring script in Perl that works
> fine. However, a Java program, which worked fine under the old
> version of tomcat, can no longer connect.
>
> The access log prints out very odd information. Right now it is configured as:
> pattern="%{yyyy-MM-dd HH:mm:ss}t %H %h %m "%U"
> "%q" STATUS(%s) BYTES(%b) "%{User-Agent}i"
> "%{Referer}i& quot; %I"/>
>
> However the output for this failed connection is:
> 2021-06-10 11:21:19 null [[Actual IP address]] null "null" ""
> STATUS(400) BYTES(-) "-" "-" null All other connections show in the
> access log as I would expect.
>
> Does anyone have any idea what is going on here?
> -----
> Extra Information:
> - I am using the APR connector and OpenSSL.
> - I did not recompile any of the native libraries; they are still
> using the ones from 9.0.12.
> - We have an Apache webserver we use as a reverse proxy. When
> connecting through that, things work.
>
> - Wireshark has this to say about the failure:
>
> TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Handshake
> Failure)
> Content Type: Alert (21)
> Length: 2
> Alert Message
> Level: Fatal (2)
> Description: Handshake Failure (40) Thanks for your time, Mark
>
> -----------------------------------
> Mark Claassen
> Senior Software Engineer
>
> Donnell Systems, Inc.
> 130 South Main Street
> Leighton Plaza Suite 375
> South Bend, IN 46601
> E-mail: mailto:mclaassen@ocie.net
> Voice: (574)232-3784
> Fax: (574)232-4014
>
> Disclaimer:
> The opinions provided herein do not necessarily state or reflect those
> of Donnell Systems, Inc.(DSI). DSI makes no warranty for and assumes
> no legal liability or responsibility for the posting.
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Strange connection error
Posted by jo...@wellsfargo.com.INVALID.
Is it a cypher issue? (noting the handshake issue). Did you also upgrade the Java at the same time?
Dream * Excel * Explore * Inspire
Jon McAlexander
Infrastructure Engineer
Asst Vice President
Middleware Product Engineering
Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions
8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508
jonmcalexander@wellsfargo.com
Upcoming PTO: 10/30/2020, 11/6/2020, 11/13/2020, 11/20/2020, 11/27/2020, 12/2/2020, 12/4/2020, 12/11/2020, 12/18/2020, 12/28/2020, 12/29/2020, 12/30/2020, 12/31/2020
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
> -----Original Message-----
> From: Mark A. Claassen <MC...@ocie.net>
> Sent: Thursday, June 10, 2021 10:38 AM
> To: users@tomcat.apache.org
> Subject: Strange connection error
>
> I just upgraded from 9.0.12 to 9.0.46. Everything seemed to go pretty
> smoothly, but I am getting a strange connection error from certain
> connections
>
> We have several different things that connect to the webserver. Browsers
> connect fine. We have a monitoring script in Perl that works fine. However,
> a Java program, which worked fine under the old version of tomcat, can no
> longer connect.
>
> The access log prints out very odd information. Right now it is configured as:
> pattern="%{yyyy-MM-dd HH:mm:ss}t %H %h %m "%U"
> "%q" STATUS(%s) BYTES(%b) "%{User-Agent}i"
> "%{Referer}i& quot; %I"/>
>
> However the output for this failed connection is:
> 2021-06-10 11:21:19 null [[Actual IP address]] null "null" ""
> STATUS(400) BYTES(-) "-" "-" null All other connections show in the access log
> as I would expect.
>
> Does anyone have any idea what is going on here?
> -----
> Extra Information:
> - I am using the APR connector and OpenSSL.
> - I did not recompile any of the native libraries; they are still using the ones
> from 9.0.12.
> - We have an Apache webserver we use as a reverse proxy. When
> connecting through that, things work.
>
> - Wireshark has this to say about the failure:
>
> TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Handshake
> Failure)
> Content Type: Alert (21)
> Length: 2
> Alert Message
> Level: Fatal (2)
> Description: Handshake Failure (40)
> Thanks for your time,
> Mark
>
> -----------------------------------
> Mark Claassen
> Senior Software Engineer
>
> Donnell Systems, Inc.
> 130 South Main Street
> Leighton Plaza Suite 375
> South Bend, IN 46601
> E-mail: mailto:mclaassen@ocie.net
> Voice: (574)232-3784
> Fax: (574)232-4014
>
> Disclaimer:
> The opinions provided herein do not necessarily state or reflect those of
> Donnell Systems, Inc.(DSI). DSI makes no warranty for and assumes no legal
> liability or responsibility for the posting.
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org