You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Kirill Ilyukhin <ki...@gmail.com> on 2019/05/08 04:23:46 UTC
HTTP2 gzip compression and Safari browser
Hi,
I am trying to run Tomcat with HTTP/2 support. Everything works perfectly
fine until I enable content compression.
Google Chrome on Mac OS is OK with gzip compression. Apple Safari on Mac OS
and iOS fail with “The operation couldn’t be completed. Protocol error”
(NSPOSIXErrorDomain:100). iOS URLSession also does not work.
Is it something wrong with my configuration or code?
Please see below server setup, connector configuration and servlet code.
Server version: Apache Tomcat/8.5.39
Server built: Mar 14 2019 11:24:26 UTC
Server number: 8.5.39.0
OS Name: Mac OS X
OS Version: 10.13.6
Architecture: x86_64
JVM Version: 9.0.1+11
JVM Vendor: Oracle Corporation
Loaded APR based Apache Tomcat Native library [1.2.21] using APR version
[1.6.5].
APR capabilities: IPv6 [true], sendfile [true], accept filters [false],
random [true].
APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
OpenSSL successfully initialized [OpenSSL 1.0.2r 26 Feb 2019]
The ["https-openssl-nio-8080"] connector has been configured to support
negotiation to [h2] via ALPN
<Connector port="8080"
protocol="org.apache.coyote.http11.Http11NioProtocol"
asyncTimeout="20000"
URIEncoding="utf-8"
acceptorThreadCount="1"
compressibleMimeType="text/html,text/xml,text/plain,text/x-json,application/javascript,application/json,text/css"
compression="force"
connectionTimeout="20000"
minSpareThreads="2"
maxThreads="1024"
processorCache="512"
useSendfile="true"
SSLEnabled="true"
secure="true" >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"
compressibleMimeType="text/html,text/xml,text/plain,text/x-json,application/javascript,application/json,text/css"
compression="force" />
<SSLHostConfig><Certificate certificateKeyFile="xxx"
certificateFile="yyy" certificateChainFile="zzz" type="RSA"
/></SSLHostConfig>
</Connector>
public class TestServlet extends javax.servlet.http.HttpServlet {
protected void doGet(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response) throws
javax.servlet.ServletException, java.io.IOException {
response.setContentType("text/plain");
response.setCharacterEncoding("utf-8");
response.getWriter().write("Lorem ipsum dolor sit amet");
}
}
Thank you,
Kirill
Re: HTTP2 gzip compression and Safari browser
Posted by Mark Thomas <ma...@apache.org>.
On 08/05/2019 13:27, Kirill Ilyukhin wrote:
> Mark,
>
> Could you please take a closer look to the issue? This happens with Safari
> and native apps on iOS 11 and iOS 12 which means that Tomcat HTTP/2 cannot
> be enabled for any service with iOS clients.
I've done all I can. The data passed back by Tomcat is valid as far as I
can tell.
This needs to be followed up with the browser vendor(s) affected.
If someone can point to something Tomcat is doing incorrectly I'll
happily take a look but - after looking at the data sent back - it all
looks valid to me.
Mark
>
> If we open https://www.google.com in Safari (both iOS and Mac OS), we see
> that HTML and JS are received over HTTP/2 with GZIP compression. So in
> general Safari supports HTTP/2+GZIP.
> Could it be that Tomcat does some sort of HTTP/2+GZIP which conforms to all
> the specs but somehow is "Apple-incompatible"? Do you think some subtle
> changes (including crazy ones like headers order, etc) might fix the issue?
>
> Thank you,
> Kirill
>
> On Wed, 8 May 2019 at 17:08, Mark Thomas <ma...@apache.org> wrote:
>
>> Although I find it hard to believe, this looks like a browser bug. There
>> is a similar issue with FireFox:
>> https://bz.apache.org/bugzilla/show_bug.cgi?id=63354
>>
>> I suggest opening an issue with Apple.
>>
>> Mark
>>
>>
>>
>> On 08/05/2019 05:23, Kirill Ilyukhin wrote:
>>> Hi,
>>>
>>> I am trying to run Tomcat with HTTP/2 support. Everything works perfectly
>>> fine until I enable content compression.
>>> Google Chrome on Mac OS is OK with gzip compression. Apple Safari on Mac
>> OS
>>> and iOS fail with “The operation couldn’t be completed. Protocol error”
>>> (NSPOSIXErrorDomain:100). iOS URLSession also does not work.
>>> Is it something wrong with my configuration or code?
>>> Please see below server setup, connector configuration and servlet code.
>>>
>>> Server version: Apache Tomcat/8.5.39
>>> Server built: Mar 14 2019 11:24:26 UTC
>>> Server number: 8.5.39.0
>>> OS Name: Mac OS X
>>> OS Version: 10.13.6
>>> Architecture: x86_64
>>> JVM Version: 9.0.1+11
>>> JVM Vendor: Oracle Corporation
>>> Loaded APR based Apache Tomcat Native library [1.2.21] using APR version
>>> [1.6.5].
>>> APR capabilities: IPv6 [true], sendfile [true], accept filters [false],
>>> random [true].
>>> APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
>>> OpenSSL successfully initialized [OpenSSL 1.0.2r 26 Feb 2019]
>>> The ["https-openssl-nio-8080"] connector has been configured to support
>>> negotiation to [h2] via ALPN
>>>
>>>
>>> <Connector port="8080"
>>> protocol="org.apache.coyote.http11.Http11NioProtocol"
>>> asyncTimeout="20000"
>>> URIEncoding="utf-8"
>>> acceptorThreadCount="1"
>>>
>>>
>> compressibleMimeType="text/html,text/xml,text/plain,text/x-json,application/javascript,application/json,text/css"
>>> compression="force"
>>> connectionTimeout="20000"
>>> minSpareThreads="2"
>>> maxThreads="1024"
>>> processorCache="512"
>>> useSendfile="true"
>>> SSLEnabled="true"
>>> secure="true" >
>>> <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"
>>>
>>>
>> compressibleMimeType="text/html,text/xml,text/plain,text/x-json,application/javascript,application/json,text/css"
>>> compression="force" />
>>> <SSLHostConfig><Certificate certificateKeyFile="xxx"
>>> certificateFile="yyy" certificateChainFile="zzz" type="RSA"
>>> /></SSLHostConfig>
>>> </Connector>
>>>
>>>
>>> public class TestServlet extends javax.servlet.http.HttpServlet {
>>> protected void doGet(javax.servlet.http.HttpServletRequest request,
>>> javax.servlet.http.HttpServletResponse response) throws
>>> javax.servlet.ServletException, java.io.IOException {
>>> response.setContentType("text/plain");
>>> response.setCharacterEncoding("utf-8");
>>> response.getWriter().write("Lorem ipsum dolor sit amet");
>>> }
>>> }
>>>
>>>
>>> Thank you,
>>> Kirill
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: [OT] HTTP2 gzip compression and Safari browser
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Kirill,
On 5/8/19 23:20, Kirill Ilyukhin wrote:
> This might be a bad idea, but I have exactly the same issue with
> static content (simple index.html file). Also BREACH vulnerability
> implies three conditions, a webapp developer may decide to use
> TLS+gzip because one of them is not satisfied for a particular
> service. I suppose servers and clients should support any valid
> configuration.
>
> My web application feeds its clients with large chunks of plain
> text data. Clients are mobile devices which are sensitive to
> network traffic usage, HTTP compression is a must.
Sounds reasonable. In any case, the server and the client should work
together, regardless of whether it's a risky configuration or not.
I was just wondering if maybe this incompatibility might be a
non-issue. But in your case, I think it is.
- -chris
> On Thu, 9 May 2019 at 01:08, Christopher Schultz <
> chris@christopherschultz.net> wrote:
>
> Kirill,
>
> Is it a good idea to use TLS+gzip for dynamic services?
>
> http://breachattack.com/
>
> ?
>
> -chris
>
> On 5/8/19 08:27, Kirill Ilyukhin wrote:
>>>> Mark,
>>>>
>>>> Could you please take a closer look to the issue? This
>>>> happens with Safari and native apps on iOS 11 and iOS 12
>>>> which means that Tomcat HTTP/2 cannot be enabled for any
>>>> service with iOS clients.
>>>>
>>>> If we open https://www.google.com in Safari (both iOS and Mac
>>>> OS), we see that HTML and JS are received over HTTP/2 with
>>>> GZIP compression. So in general Safari supports HTTP/2+GZIP.
>>>> Could it be that Tomcat does some sort of HTTP/2+GZIP which
>>>> conforms to all the specs but somehow is
>>>> "Apple-incompatible"? Do you think some subtle changes
>>>> (including crazy ones like headers order, etc) might fix the
>>>> issue?
>>>>
>>>> Thank you, Kirill
>>>>
>>>> On Wed, 8 May 2019 at 17:08, Mark Thomas <ma...@apache.org>
>>>> wrote:
>>>>
>>>>> Although I find it hard to believe, this looks like a
>>>>> browser bug. There is a similar issue with FireFox:
>>>>> https://bz.apache.org/bugzilla/show_bug.cgi?id=63354
>>>>>
>>>>> I suggest opening an issue with Apple.
>>>>>
>>>>> Mark
>>>>>
>>>>>
>>>>>
>>>>> On 08/05/2019 05:23, Kirill Ilyukhin wrote:
>>>>>> Hi,
>>>>>>
>>>>>> I am trying to run Tomcat with HTTP/2 support. Everything
>>>>>> works perfectly fine until I enable content compression.
>>>>>> Google Chrome on Mac OS is OK with gzip compression.
>>>>>> Apple Safari on Mac
>>>>> OS
>>>>>> and iOS fail with “The operation couldn’t be completed.
>>>>>> Protocol error” (NSPOSIXErrorDomain:100). iOS URLSession
>>>>>> also does not work. Is it something wrong with my
>>>>>> configuration or code? Please see below server setup,
>>>>>> connector configuration and servlet code.
>>>>>>
>>>>>> Server version: Apache Tomcat/8.5.39 Server built: Mar
>>>>>> 14 2019 11:24:26 UTC Server number: 8.5.39.0 OS Name:
>>>>>> Mac OS X OS Version: 10.13.6 Architecture: x86_64
>>>>>> JVM Version: 9.0.1+11 JVM Vendor: Oracle
>>>>>> Corporation Loaded APR based Apache Tomcat Native library
>>>>>> [1.2.21] using APR version [1.6.5]. APR capabilities:
>>>>>> IPv6 [true], sendfile [true], accept filters [false],
>>>>>> random [true]. APR/OpenSSL configuration: useAprConnector
>>>>>> [false], useOpenSSL [true] OpenSSL successfully
>>>>>> initialized [OpenSSL 1.0.2r 26 Feb 2019] The
>>>>>> ["https-openssl-nio-8080"] connector has been configured
>>>>>> to support negotiation to [h2] via ALPN
>>>>>>
>>>>>>
>>>>>> <Connector port="8080"
>>>>>> protocol="org.apache.coyote.http11.Http11NioProtocol"
>>>>>> asyncTimeout="20000" URIEncoding="utf-8"
>>>>>> acceptorThreadCount="1"
>>>>>>
>>>>>>
>>>>> compressibleMimeType="text/html,text/xml,text/plain,text/x-json,ap
pli
>
>>>>>
cation/javascript,application/json,text/css"
>>>>>>
>>>>>
> compression="force"
>>>>>> connectionTimeout="20000" minSpareThreads="2"
>>>>>> maxThreads="1024" processorCache="512"
>>>>>> useSendfile="true" SSLEnabled="true" secure="true" >
>>>>>> <UpgradeProtocol
>>>>>> className="org.apache.coyote.http2.Http2Protocol"
>>>>>>
>>>>>>
>>>>> compressibleMimeType="text/html,text/xml,text/plain,text/x-json,ap
pli
>
>>>>>
cation/javascript,application/json,text/css"
>>>>>>
>>>>>
> compression="force" />
>>>>>> <SSLHostConfig><Certificate certificateKeyFile="xxx"
>>>>>> certificateFile="yyy" certificateChainFile="zzz"
>>>>>> type="RSA" /></SSLHostConfig> </Connector>
>>>>>>
>>>>>>
>>>>>> public class TestServlet extends
>>>>>> javax.servlet.http.HttpServlet { protected void
>>>>>> doGet(javax.servlet.http.HttpServletRequest request,
>>>>>> javax.servlet.http.HttpServletResponse response) throws
>>>>>> javax.servlet.ServletException, java.io.IOException {
>>>>>> response.setContentType("text/plain");
>>>>>> response.setCharacterEncoding("utf-8");
>>>>>> response.getWriter().write("Lorem ipsum dolor sit amet");
>>>>>> } }
>>>>>>
>>>>>>
>>>>>> Thank you, Kirill
>>>>>>
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------
- ---
>>>>>
>>>>>
>
>>>>>
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>>> For additional commands, e-mail:
>>>>> users-help@tomcat.apache.org
>>>>>
>>>>>
>>>>
>>
>
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlzUSWQACgkQHPApP6U8
pFgLIQ//WRdSZjlFtoxka7pT17OLvZEweyBgn7UK4If6MVZOW2zBam2X+QYK6zaY
RzVJDsxujrhI5ZqbceJSqv5V+vykiLMMAsuU0EJBltcd9dEWkOOP1pcJtQzIT03m
T9YD/cuTqMeNZsnxOhqPcMSh3nEYKF4ubmnlwKi/4rQxGZC7uLQxv7Bz1GR+LN9R
jDxJsxN4eMnK6y5lI8aGE3m1GdBXCx875UtQpARnFuHn4Xa+PTqlPNJJhV0hhgKT
vFSp9nj7rdz2WBu7MML4OqZXjxBBi8xcbOOyfyLflaRTYiFIclbokx3Gxk5HP6N3
x7mkvhyvw45GmIJcZF5jpOtg2OKzZbxUYDmLsYI3zfx5/BJ/dVyYtZkkRXIT56ko
XPJyUH13QKTwBZCj7LfTLwrsVfmiqYipvSwn0Vbbu2jheQoOGxWsFmTrg0HlulTt
iEiAVwSricw6kyWA1vNsuj9+K0wyndoPcJJc4LdVXxxdu3ltdIWmAnke1XFO2IBU
CsOXNUb89oPy4pCLFRU64ICy1QxQtkK92/cwII7J81qGazJzsn8/4fVZflKDEJxO
iHFwhY8SMktrjUXRt1iqJ/mRgrC3bdPzTNBcVEG/3nwvnfIEazuav6jTdjXf+HJj
pTqTzFT9ZahfObaIouRhMWtNTjBCh/n3+QadsstZUxUnopLa+XE=
=rvym
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: [OT] HTTP2 gzip compression and Safari browser
Posted by Kirill Ilyukhin <ki...@gmail.com>.
Christopher,
This might be a bad idea, but I have exactly the same issue with static
content (simple index.html file). Also BREACH vulnerability implies three
conditions, a webapp developer may decide to use TLS+gzip because one of
them is not satisfied for a particular service. I suppose servers and
clients should support any valid configuration.
My web application feeds its clients with large chunks of plain text data.
Clients are mobile devices which are sensitive to network traffic usage,
HTTP compression is a must.
Thank you,
Kirill
On Thu, 9 May 2019 at 01:08, Christopher Schultz <
chris@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Kirill,
>
> Is it a good idea to use TLS+gzip for dynamic services?
>
> http://breachattack.com/
>
> ?
>
> - -chris
>
> On 5/8/19 08:27, Kirill Ilyukhin wrote:
> > Mark,
> >
> > Could you please take a closer look to the issue? This happens with
> > Safari and native apps on iOS 11 and iOS 12 which means that Tomcat
> > HTTP/2 cannot be enabled for any service with iOS clients.
> >
> > If we open https://www.google.com in Safari (both iOS and Mac OS),
> > we see that HTML and JS are received over HTTP/2 with GZIP
> > compression. So in general Safari supports HTTP/2+GZIP. Could it be
> > that Tomcat does some sort of HTTP/2+GZIP which conforms to all the
> > specs but somehow is "Apple-incompatible"? Do you think some
> > subtle changes (including crazy ones like headers order, etc) might
> > fix the issue?
> >
> > Thank you, Kirill
> >
> > On Wed, 8 May 2019 at 17:08, Mark Thomas <ma...@apache.org> wrote:
> >
> >> Although I find it hard to believe, this looks like a browser
> >> bug. There is a similar issue with FireFox:
> >> https://bz.apache.org/bugzilla/show_bug.cgi?id=63354
> >>
> >> I suggest opening an issue with Apple.
> >>
> >> Mark
> >>
> >>
> >>
> >> On 08/05/2019 05:23, Kirill Ilyukhin wrote:
> >>> Hi,
> >>>
> >>> I am trying to run Tomcat with HTTP/2 support. Everything works
> >>> perfectly fine until I enable content compression. Google
> >>> Chrome on Mac OS is OK with gzip compression. Apple Safari on
> >>> Mac
> >> OS
> >>> and iOS fail with “The operation couldn’t be completed.
> >>> Protocol error” (NSPOSIXErrorDomain:100). iOS URLSession also
> >>> does not work. Is it something wrong with my configuration or
> >>> code? Please see below server setup, connector configuration
> >>> and servlet code.
> >>>
> >>> Server version: Apache Tomcat/8.5.39 Server built: Mar 14
> >>> 2019 11:24:26 UTC Server number: 8.5.39.0 OS Name: Mac
> >>> OS X OS Version: 10.13.6 Architecture: x86_64 JVM
> >>> Version: 9.0.1+11 JVM Vendor: Oracle Corporation Loaded
> >>> APR based Apache Tomcat Native library [1.2.21] using APR
> >>> version [1.6.5]. APR capabilities: IPv6 [true], sendfile
> >>> [true], accept filters [false], random [true]. APR/OpenSSL
> >>> configuration: useAprConnector [false], useOpenSSL [true]
> >>> OpenSSL successfully initialized [OpenSSL 1.0.2r 26 Feb 2019]
> >>> The ["https-openssl-nio-8080"] connector has been configured to
> >>> support negotiation to [h2] via ALPN
> >>>
> >>>
> >>> <Connector port="8080"
> >>> protocol="org.apache.coyote.http11.Http11NioProtocol"
> >>> asyncTimeout="20000" URIEncoding="utf-8"
> >>> acceptorThreadCount="1"
> >>>
> >>>
> >> compressibleMimeType="text/html,text/xml,text/plain,text/x-json,appli
> cation/javascript,application/json,text/css"
> >>>
> >>
> compression="force"
> >>> connectionTimeout="20000" minSpareThreads="2"
> >>> maxThreads="1024" processorCache="512" useSendfile="true"
> >>> SSLEnabled="true" secure="true" > <UpgradeProtocol
> >>> className="org.apache.coyote.http2.Http2Protocol"
> >>>
> >>>
> >> compressibleMimeType="text/html,text/xml,text/plain,text/x-json,appli
> cation/javascript,application/json,text/css"
> >>>
> >>
> compression="force" />
> >>> <SSLHostConfig><Certificate certificateKeyFile="xxx"
> >>> certificateFile="yyy" certificateChainFile="zzz" type="RSA"
> >>> /></SSLHostConfig> </Connector>
> >>>
> >>>
> >>> public class TestServlet extends javax.servlet.http.HttpServlet
> >>> { protected void doGet(javax.servlet.http.HttpServletRequest
> >>> request, javax.servlet.http.HttpServletResponse response)
> >>> throws javax.servlet.ServletException, java.io.IOException {
> >>> response.setContentType("text/plain");
> >>> response.setCharacterEncoding("utf-8");
> >>> response.getWriter().write("Lorem ipsum dolor sit amet"); } }
> >>>
> >>>
> >>> Thank you, Kirill
> >>>
> >>
> >>
> >> ---------------------------------------------------------------------
> >>
> >>
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >> For additional commands, e-mail: users-help@tomcat.apache.org
> >>
> >>
> >
> -----BEGIN PGP SIGNATURE-----
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlzS/v4ACgkQHPApP6U8
> pFiy+A/9H0nCzh6M26+BZgWkdEIsQHqRV9nmdsO/durBFKZdLQ0spexkf16JEltS
> cUdAwxu8ObIgBTIitXnr4Nh2hJVJCCUVpV33ZyuKuIeTfXJo4VSEP2pkIaveaKRz
> bXbo003Tt1jn6278EGEhAccad7y9IVg2Et7aOMbeuUShzsJPJNnZ7xOu1VWvXjuK
> if3sz2+IwD5ch9vNqICpwOAnXbC4hUVy5M5oeAPP96OhCSp8iv4Th+X4ir3f3Mbl
> s7c5m9vxfwHe/zIBBfksrWCRgm0iznrTsOzgXsqYuuxQujkcIOnslJehMhQ0vuYV
> gcbJW/CxQbxSsQZmBoyBI/DECdKr5uXKkUboVOz8YpISXJyyN6BLjy2h9jjUDNRQ
> HO8AaqrltGvFsD6A7vQPZDWEa8mXUUQsU8x4TDVcdNIhqg+OhbeabGDBf83RRHKs
> 1U4MDyqo+tBNd6GV/7vciBENgL5NxmQ8csfWISijyM2+MvG4ucgaRXCfZfDNX0Kr
> BRfoBeDKb7p+0XutxmpyjVh5VtBPD8Cy6xmJFu1Z6Q3OsLPnWZAk/fWQMUnIqBcX
> egrsOjsk/A1klxVsQ/EzIbNzRB6NpoT8n0hrWpX9IIo4kyplqAn+C9VKT5pi9j6G
> j0Pw6b9tKQKKTyXUkizELkbVbqngrp8wIY1QSopFEx5uS397KwE=
> =Ww2J
> -----END PGP SIGNATURE-----
>
Re:[OT] HTTP2 gzip compression and Safari browser
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Kirill,
Is it a good idea to use TLS+gzip for dynamic services?
http://breachattack.com/
?
- -chris
On 5/8/19 08:27, Kirill Ilyukhin wrote:
> Mark,
>
> Could you please take a closer look to the issue? This happens with
> Safari and native apps on iOS 11 and iOS 12 which means that Tomcat
> HTTP/2 cannot be enabled for any service with iOS clients.
>
> If we open https://www.google.com in Safari (both iOS and Mac OS),
> we see that HTML and JS are received over HTTP/2 with GZIP
> compression. So in general Safari supports HTTP/2+GZIP. Could it be
> that Tomcat does some sort of HTTP/2+GZIP which conforms to all the
> specs but somehow is "Apple-incompatible"? Do you think some
> subtle changes (including crazy ones like headers order, etc) might
> fix the issue?
>
> Thank you, Kirill
>
> On Wed, 8 May 2019 at 17:08, Mark Thomas <ma...@apache.org> wrote:
>
>> Although I find it hard to believe, this looks like a browser
>> bug. There is a similar issue with FireFox:
>> https://bz.apache.org/bugzilla/show_bug.cgi?id=63354
>>
>> I suggest opening an issue with Apple.
>>
>> Mark
>>
>>
>>
>> On 08/05/2019 05:23, Kirill Ilyukhin wrote:
>>> Hi,
>>>
>>> I am trying to run Tomcat with HTTP/2 support. Everything works
>>> perfectly fine until I enable content compression. Google
>>> Chrome on Mac OS is OK with gzip compression. Apple Safari on
>>> Mac
>> OS
>>> and iOS fail with “The operation couldn’t be completed.
>>> Protocol error” (NSPOSIXErrorDomain:100). iOS URLSession also
>>> does not work. Is it something wrong with my configuration or
>>> code? Please see below server setup, connector configuration
>>> and servlet code.
>>>
>>> Server version: Apache Tomcat/8.5.39 Server built: Mar 14
>>> 2019 11:24:26 UTC Server number: 8.5.39.0 OS Name: Mac
>>> OS X OS Version: 10.13.6 Architecture: x86_64 JVM
>>> Version: 9.0.1+11 JVM Vendor: Oracle Corporation Loaded
>>> APR based Apache Tomcat Native library [1.2.21] using APR
>>> version [1.6.5]. APR capabilities: IPv6 [true], sendfile
>>> [true], accept filters [false], random [true]. APR/OpenSSL
>>> configuration: useAprConnector [false], useOpenSSL [true]
>>> OpenSSL successfully initialized [OpenSSL 1.0.2r 26 Feb 2019]
>>> The ["https-openssl-nio-8080"] connector has been configured to
>>> support negotiation to [h2] via ALPN
>>>
>>>
>>> <Connector port="8080"
>>> protocol="org.apache.coyote.http11.Http11NioProtocol"
>>> asyncTimeout="20000" URIEncoding="utf-8"
>>> acceptorThreadCount="1"
>>>
>>>
>> compressibleMimeType="text/html,text/xml,text/plain,text/x-json,appli
cation/javascript,application/json,text/css"
>>>
>>
compression="force"
>>> connectionTimeout="20000" minSpareThreads="2"
>>> maxThreads="1024" processorCache="512" useSendfile="true"
>>> SSLEnabled="true" secure="true" > <UpgradeProtocol
>>> className="org.apache.coyote.http2.Http2Protocol"
>>>
>>>
>> compressibleMimeType="text/html,text/xml,text/plain,text/x-json,appli
cation/javascript,application/json,text/css"
>>>
>>
compression="force" />
>>> <SSLHostConfig><Certificate certificateKeyFile="xxx"
>>> certificateFile="yyy" certificateChainFile="zzz" type="RSA"
>>> /></SSLHostConfig> </Connector>
>>>
>>>
>>> public class TestServlet extends javax.servlet.http.HttpServlet
>>> { protected void doGet(javax.servlet.http.HttpServletRequest
>>> request, javax.servlet.http.HttpServletResponse response)
>>> throws javax.servlet.ServletException, java.io.IOException {
>>> response.setContentType("text/plain");
>>> response.setCharacterEncoding("utf-8");
>>> response.getWriter().write("Lorem ipsum dolor sit amet"); } }
>>>
>>>
>>> Thank you, Kirill
>>>
>>
>>
>> ---------------------------------------------------------------------
>>
>>
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlzS/v4ACgkQHPApP6U8
pFiy+A/9H0nCzh6M26+BZgWkdEIsQHqRV9nmdsO/durBFKZdLQ0spexkf16JEltS
cUdAwxu8ObIgBTIitXnr4Nh2hJVJCCUVpV33ZyuKuIeTfXJo4VSEP2pkIaveaKRz
bXbo003Tt1jn6278EGEhAccad7y9IVg2Et7aOMbeuUShzsJPJNnZ7xOu1VWvXjuK
if3sz2+IwD5ch9vNqICpwOAnXbC4hUVy5M5oeAPP96OhCSp8iv4Th+X4ir3f3Mbl
s7c5m9vxfwHe/zIBBfksrWCRgm0iznrTsOzgXsqYuuxQujkcIOnslJehMhQ0vuYV
gcbJW/CxQbxSsQZmBoyBI/DECdKr5uXKkUboVOz8YpISXJyyN6BLjy2h9jjUDNRQ
HO8AaqrltGvFsD6A7vQPZDWEa8mXUUQsU8x4TDVcdNIhqg+OhbeabGDBf83RRHKs
1U4MDyqo+tBNd6GV/7vciBENgL5NxmQ8csfWISijyM2+MvG4ucgaRXCfZfDNX0Kr
BRfoBeDKb7p+0XutxmpyjVh5VtBPD8Cy6xmJFu1Z6Q3OsLPnWZAk/fWQMUnIqBcX
egrsOjsk/A1klxVsQ/EzIbNzRB6NpoT8n0hrWpX9IIo4kyplqAn+C9VKT5pi9j6G
j0Pw6b9tKQKKTyXUkizELkbVbqngrp8wIY1QSopFEx5uS397KwE=
=Ww2J
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: HTTP2 gzip compression and Safari browser
Posted by Kirill Ilyukhin <ki...@gmail.com>.
Mark,
Could you please take a closer look to the issue? This happens with Safari
and native apps on iOS 11 and iOS 12 which means that Tomcat HTTP/2 cannot
be enabled for any service with iOS clients.
If we open https://www.google.com in Safari (both iOS and Mac OS), we see
that HTML and JS are received over HTTP/2 with GZIP compression. So in
general Safari supports HTTP/2+GZIP.
Could it be that Tomcat does some sort of HTTP/2+GZIP which conforms to all
the specs but somehow is "Apple-incompatible"? Do you think some subtle
changes (including crazy ones like headers order, etc) might fix the issue?
Thank you,
Kirill
On Wed, 8 May 2019 at 17:08, Mark Thomas <ma...@apache.org> wrote:
> Although I find it hard to believe, this looks like a browser bug. There
> is a similar issue with FireFox:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=63354
>
> I suggest opening an issue with Apple.
>
> Mark
>
>
>
> On 08/05/2019 05:23, Kirill Ilyukhin wrote:
> > Hi,
> >
> > I am trying to run Tomcat with HTTP/2 support. Everything works perfectly
> > fine until I enable content compression.
> > Google Chrome on Mac OS is OK with gzip compression. Apple Safari on Mac
> OS
> > and iOS fail with “The operation couldn’t be completed. Protocol error”
> > (NSPOSIXErrorDomain:100). iOS URLSession also does not work.
> > Is it something wrong with my configuration or code?
> > Please see below server setup, connector configuration and servlet code.
> >
> > Server version: Apache Tomcat/8.5.39
> > Server built: Mar 14 2019 11:24:26 UTC
> > Server number: 8.5.39.0
> > OS Name: Mac OS X
> > OS Version: 10.13.6
> > Architecture: x86_64
> > JVM Version: 9.0.1+11
> > JVM Vendor: Oracle Corporation
> > Loaded APR based Apache Tomcat Native library [1.2.21] using APR version
> > [1.6.5].
> > APR capabilities: IPv6 [true], sendfile [true], accept filters [false],
> > random [true].
> > APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
> > OpenSSL successfully initialized [OpenSSL 1.0.2r 26 Feb 2019]
> > The ["https-openssl-nio-8080"] connector has been configured to support
> > negotiation to [h2] via ALPN
> >
> >
> > <Connector port="8080"
> > protocol="org.apache.coyote.http11.Http11NioProtocol"
> > asyncTimeout="20000"
> > URIEncoding="utf-8"
> > acceptorThreadCount="1"
> >
> >
> compressibleMimeType="text/html,text/xml,text/plain,text/x-json,application/javascript,application/json,text/css"
> > compression="force"
> > connectionTimeout="20000"
> > minSpareThreads="2"
> > maxThreads="1024"
> > processorCache="512"
> > useSendfile="true"
> > SSLEnabled="true"
> > secure="true" >
> > <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"
> >
> >
> compressibleMimeType="text/html,text/xml,text/plain,text/x-json,application/javascript,application/json,text/css"
> > compression="force" />
> > <SSLHostConfig><Certificate certificateKeyFile="xxx"
> > certificateFile="yyy" certificateChainFile="zzz" type="RSA"
> > /></SSLHostConfig>
> > </Connector>
> >
> >
> > public class TestServlet extends javax.servlet.http.HttpServlet {
> > protected void doGet(javax.servlet.http.HttpServletRequest request,
> > javax.servlet.http.HttpServletResponse response) throws
> > javax.servlet.ServletException, java.io.IOException {
> > response.setContentType("text/plain");
> > response.setCharacterEncoding("utf-8");
> > response.getWriter().write("Lorem ipsum dolor sit amet");
> > }
> > }
> >
> >
> > Thank you,
> > Kirill
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: HTTP2 gzip compression and Safari browser
Posted by Mark Thomas <ma...@apache.org>.
Although I find it hard to believe, this looks like a browser bug. There
is a similar issue with FireFox:
https://bz.apache.org/bugzilla/show_bug.cgi?id=63354
I suggest opening an issue with Apple.
Mark
On 08/05/2019 05:23, Kirill Ilyukhin wrote:
> Hi,
>
> I am trying to run Tomcat with HTTP/2 support. Everything works perfectly
> fine until I enable content compression.
> Google Chrome on Mac OS is OK with gzip compression. Apple Safari on Mac OS
> and iOS fail with “The operation couldn’t be completed. Protocol error”
> (NSPOSIXErrorDomain:100). iOS URLSession also does not work.
> Is it something wrong with my configuration or code?
> Please see below server setup, connector configuration and servlet code.
>
> Server version: Apache Tomcat/8.5.39
> Server built: Mar 14 2019 11:24:26 UTC
> Server number: 8.5.39.0
> OS Name: Mac OS X
> OS Version: 10.13.6
> Architecture: x86_64
> JVM Version: 9.0.1+11
> JVM Vendor: Oracle Corporation
> Loaded APR based Apache Tomcat Native library [1.2.21] using APR version
> [1.6.5].
> APR capabilities: IPv6 [true], sendfile [true], accept filters [false],
> random [true].
> APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
> OpenSSL successfully initialized [OpenSSL 1.0.2r 26 Feb 2019]
> The ["https-openssl-nio-8080"] connector has been configured to support
> negotiation to [h2] via ALPN
>
>
> <Connector port="8080"
> protocol="org.apache.coyote.http11.Http11NioProtocol"
> asyncTimeout="20000"
> URIEncoding="utf-8"
> acceptorThreadCount="1"
>
> compressibleMimeType="text/html,text/xml,text/plain,text/x-json,application/javascript,application/json,text/css"
> compression="force"
> connectionTimeout="20000"
> minSpareThreads="2"
> maxThreads="1024"
> processorCache="512"
> useSendfile="true"
> SSLEnabled="true"
> secure="true" >
> <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"
>
> compressibleMimeType="text/html,text/xml,text/plain,text/x-json,application/javascript,application/json,text/css"
> compression="force" />
> <SSLHostConfig><Certificate certificateKeyFile="xxx"
> certificateFile="yyy" certificateChainFile="zzz" type="RSA"
> /></SSLHostConfig>
> </Connector>
>
>
> public class TestServlet extends javax.servlet.http.HttpServlet {
> protected void doGet(javax.servlet.http.HttpServletRequest request,
> javax.servlet.http.HttpServletResponse response) throws
> javax.servlet.ServletException, java.io.IOException {
> response.setContentType("text/plain");
> response.setCharacterEncoding("utf-8");
> response.getWriter().write("Lorem ipsum dolor sit amet");
> }
> }
>
>
> Thank you,
> Kirill
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org