https://bz.apache.org/bugzilla/show_bug.cgi?id=59832

            Bug ID: 59832
           Summary: SSL/TLS 8.5.3 upgrade from 8.0.32 using NIO2 encoding
           Product: Tomcat 8
           Version: 8.5.3
          Hardware: PC
            Status: NEW
          Severity: regression
          Priority: P2
         Component: Connectors
          Assignee: dev@tomcat.apache.org
          Reporter: steve.mad...@pega.com

In 8.0.32, we have all nodes in multiple clustered environments using the
TLSv1.1,TLSv1.2 SSL connectors on NIO2.  Everything works fine in all regions
(dev, staging, TestQA & production across the 30+ nodes).  I attempted the
upgrade to 8.5.3 (redeploy and copy all settings from xml files to new version)
as I've done for years going back to Tomcat v5.  One major change was our
<connector> in server.xml had to be changed from:
<!--
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11Nio2Protocol" SSLEnabled="true"
           maxThreads="10" minSpareThreads="5" scheme="https" secure="true"
           acceptCount="100" connectionTimeout="60000" disableUploadTimeout="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="D:\certificates\ourJKS.keystore" keystorePass="******" />
-->

to:
<!-- Verify what the alias is being used for the certificate by using
%JAVA_HOME%\bin\keytool -list -v -alias tomcat (or other aliasname) -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" disableUploadTimeout="true"
           SSLEnabled="true"
           sslDefaultHost="ourServer.com">
    <SSLHostConfig hostName="ourServer.com">
        <Certificate certificateKeystoreFile="D:\certificates\ourJKS.keystore"
                     certificateKeystorePassword="******"
                     certificateKeyAlias="ourAlias"
                     type="RSA"/>
    </SSLHostConfig>
</Connector>

Which is fine, but we were using the http11.Http11Nio2Protocol and that no
longer works in 8.5.3.  What we see is that the xml gets encoded and not
decoded and then fails because NUL is passed as parameter values.  Since our
environments are XML rich and connecting to Oracle 12c, the data should be
encoded/decoded as it did in 8.0.32.  If this too changed along with the
SSL/TLS arguments, it isn't documented where it can be easily identified.  Can
someone please take an existing 8.0.32 TLSv1.1,TLSv1.2 and NIO2 and then port
changes to 8.5.3 and tell me what I've missed?  I've had conversations already
on the users email and Mark Thomas suggested I create this bug item and a
simple use case.  The simplest case is using NIO2 on 8.0.32 and trying to use
it again on 8.5.3.
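For comparison, here is an added connector fragment (not from the report or from the Tomcat project) that keeps the NIO2 protocol class from the 8.0.32 configuration and expresses the old `sslProtocol`/`clientAuth` settings in the 8.5 `SSLHostConfig` form; it assumes the 8.5 attribute names `defaultSSLHostConfigName`, `protocols` and `certificateVerification`, and the same hostname, keystore path and alias used above.

```xml
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11Nio2Protocol"
           SSLEnabled="true" scheme="https" secure="true"
           maxThreads="150" acceptCount="100"
           connectionTimeout="60000" disableUploadTimeout="true"
           defaultSSLHostConfigName="ourServer.com">
    <!-- protocols pins the TLSv1.1,TLSv1.2 set the 8.0.32 nodes ran;
         certificateVerification="none" is the 8.5 equivalent of clientAuth="false" -->
    <SSLHostConfig hostName="ourServer.com"
                   protocols="TLSv1.1+TLSv1.2"
                   certificateVerification="none">
        <Certificate certificateKeystoreFile="D:\certificates\ourJKS.keystore"
                     certificateKeystorePassword="******"
                     certificateKeyAlias="ourAlias"
                     type="RSA"/>
    </SSLHostConfig>
</Connector>
```

Confirm the alias with `keytool -list -v -keystore D:\certificates\ourJKS.keystore -alias ourAlias` before starting the connector, since a missing alias fails at startup rather than at request time.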
