https://bz.apache.org/bugzilla/show_bug.cgi?id=63765
            Bug ID: 63765
           Summary: NIO2 Connector with OpenSSL 1.1.1 hangs with TLSv1.3
           Product: Tomcat 9
           Version: 9.0.x
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Connectors
          Assignee: dev@tomcat.apache.org
          Reporter: csuth...@apache.org
  Target Milestone: -----

Created attachment 36793
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=36793&action=edit
curl -v output from the failed request and a successful one immediately after

The first request to Tomcat after a restart always hangs (on two of my machines) and fails with an "Empty reply from server" after one minute when using NIO2 with JSSE+OpenSSL limited to the TLSv1.3 protocol. If you wait for the request to end, or terminate it, then the subsequent requests succeed without issue.

I've tried to trace it down, but I don't see any activity in Tomcat to hint at where this would be :( From my curl output, it's after the handshake is done.

My environment is a Fedora 30 laptop using a local build of Tomcat master (9.0.27-dev), tomcat-native (1.2.23-dev), APR 1.6.5, and OpenSSL 1.1.1.c.

To reproduce:

1) Configure your Connector

    <Connector port="8443"
               protocol="org.apache.coyote.http11.Http11Nio2Protocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig protocols="TLSv1.3">
            <Certificate certificateKeyFile="conf/localhost.server.key.pem"
                         certificateFile="conf/localhost.server.cert.pem"
                         certificateKeyPassword="changeit"
                         certificateChainFile="conf/ca-chain.cert.pem"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>

2) Start Tomcat

3) Initiate a request with curl and observe the one minute delay and empty response

    curl --insecure -v https://localhost:8443