You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2006/12/18 16:37:05 UTC
DO NOT REPLY [Bug 41202] New: - strange ssl tomcat response
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41202>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41202
Summary: strange ssl tomcat response
Product: Tomcat 5
Version: 5.5.20
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Unknown
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: tsurkin@mail.jct.ac.il
After installing and configuring tomcat 5.5 to use ssl if i am trying to request
the ssl
port with non ssl protocol i am getting a result that i can't understand - this
looks like
a strange stream of bits.
Here are the steps to reproduce:
--------------------------------------------------------------------------------------
[1] Do a regular (vanilla) installation of tomcat (Linux and Windows i have
already tried) .
[2] Setup ssl:
Uncomment the ssl setup in server.xml create a key with the following:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
or
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
(taken from tomcat's manual)
add the keystorePass and keystoreFile to server.xml
start the tomcat and test if the ssl works .
[3] Try this in browser:
http://localhost:8443 (note the http not the https)
or
telnet localhost 8443
Note that the telnet should be done from a terminal that can show binary
output.
(rxvt,xterm will NOT do,for me gnome terminal and cmd on windows worked).
in the telnet session you will get a connection type something ,hit ENTER
and you will get
strange bits in the response.
If you are doing this in browser it will just try to download those bits
(Mozilla) or show it on the screen (IE).
I am pretty sure that this is NOT valid behaviour.
I have tried all this on :
tomcat 5.5.20
java 1.5.0_09
and
same tomcat
java 1.5.0_06
Both Linux and Windows .
-----------------------------------------------------------------------------------------------------
The same behaviuor was reported on WebSpher server ,so this is probably a
jvm problem.However it can be very simple fix in tomcat :
if the scheme is not ssl (https) - return 400 error (or whatever it shold be).
Just to make it clear :
It was suggested by one of the users that this is a tomcat trying to do ssl
negotiating.
However it seems to me that if client is not sending the ssl negotiating first then
server should not try to do this.Here is what i have found in rfc (TLS 1.0):
"These goals are achieved by the handshake protocol, which can be
summarized as follows: The client sends a client hello message to
which the server must respond with a server hello message, or else a
fatal error will occur and the connection will fail."
Here is the link to the users list for the discussion:
http://marc.theaimsgroup.com/?l=tomcat-user&m=116609043103294&w=2
Note also that other servers i have worked with (non-java) do not do this:
try to telnet to ssl port of gmail and you will not get any response (connection
yes,response - no).
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 41202] - strange ssl tomcat response
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41202>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41202
yoavs@computer.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
------- Additional Comments From yoavs@computer.org 2006-12-26 16:39 -------
As others noted in the mailing list thread you link to, this is not a Tomcat bug
if it's a bug at all. Personally, I think the NAK response (which is what these
"strange" bytes are: they're not nonsense) is good, it's a legit no-handshake
response.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org