[Bug 62748] Add support for TLS 1.3 (RFC 8446)

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=62748

--- Comment #4 from Christopher Schultz <ch...@christopherschultz.net> ---
These two patches allow Tomcat to start up with TLSv1.3 enabled.

When performing a connection test, however, I get the following error:

$ openssl s_client -connect localhost:8443
[...]
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
[...]
    Verify return code: 18 (self signed certificate)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
GET /[LF]            <-- I enter this manually
read:errno=54

The connection is terminated. Tomcat logs this to catalina.out:

28-Sep-2018 18:05:40.032 FINE [https-openssl-apr-8443-exec-2]
org.apache.tomcat.util.net.SocketWrapperBase.populateReadBuffer Socket:
[org.apache.tomcat.util.net.AprEndpoint$AprSocketWrapper@61ede956:140449439191200],
Read from buffer: [0]
28-Sep-2018 18:05:40.032 FINE [https-openssl-apr-8443-exec-2]
org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request
header
 java.io.IOException: Unexpected error [53] reading data from the APR/native
socket [140,449,439,191,200] with wrapper
[org.apache.tomcat.util.net.AprEndpoint$AprSocketWrapper@61ede956:140449439191200].
        at
org.apache.tomcat.util.net.AprEndpoint$AprSocketWrapper.fillReadBuffer(AprEndpoint.java:2533)
        at
org.apache.tomcat.util.net.AprEndpoint$AprSocketWrapper.fillReadBuffer(AprEndpoint.java:2453)
        at
org.apache.tomcat.util.net.AprEndpoint$AprSocketWrapper.read(AprEndpoint.java:2436)
        at
org.apache.coyote.http11.Http11InputBuffer.fill(Http11InputBuffer.java:729)
        at
org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:352)
        at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:294)
        at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:770)
        at
org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2338)
        at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1135)
        at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
        at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.base/java.lang.Thread.run(Thread.java:844)

28-Sep-2018 18:05:40.033 FINE [https-openssl-apr-8443-exec-2]
org.apache.coyote.AbstractProcessorLight.process Socket:
[org.apache.tomcat.util.net.AprEndpoint$AprSocketWrapper@61ede956:140449439191200],
Status in: [OPEN_READ], State out: [CLOSED]


I'm not sure what is currently missing.

Azat, are you able to patch tcnative and tomcat using my patches and test in
your environment?

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org