[Bug 63892] New: TLS 1.3 with client auth fails with NOT_HANDSHAKING during handshake

Wed, 30 Oct 2019 03:21:22 -0700 

https://bz.apache.org/bugzilla/show_bug.cgi?id=63892

            Bug ID: 63892
           Summary: TLS 1.3 with client auth fails with NOT_HANDSHAKING
                    during handshake
           Product: Tomcat 9
           Version: 9.0.x
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Connectors
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: -----

As discussed in 
http://mail-archives.apache.org/mod_mbox/tomcat-users/201910.mbox/%3Cee96a553-81ea-ad01-f51b-f638de934600%40apache.org%3E


I installed Tomcat 9.0.27 on my Windows 7 machine and using the following java
runtime to get support for TLSv1.3

Server built:          Oct 7 2019 09:57:22 UTC
Server version number: 9.0.27.0
Architecture:          amd64
JVM Version:           13.0.1+9
JVM Vendor:            Oracle Corporation


My TLS connector is configured with client auth.
        <Connector port="8443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
                   maxThreads="150" SSLEnabled="true"
sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
                   keystoreFile="conf/keys/server.jks" keystoreType="JKS"
keystorePass="" keyAlias="server"
                   clientAuth="true" truststoreFile="conf/keys/clients.jks"
truststorePass="" sslProtocol="TLS">
   </Connector>

If i connect with a browser i can choose my client key but get an error
afterwards.

The following error happens in SecureNioChannel:
28-Oct-2019 10:04:27.939 FINE [https-jsse-nio-8443-exec-4]
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun Error during SSL
handshake
        java.io.IOException: NOT_HANDSHAKING during handshake
                at
org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:193)
                at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1556)
                at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
                at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
                at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
                at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
                at java.base/java.lang.Thread.run(Thread.java:830)

With java runtime 8 everything works fine but i do not have TLSv1.3 there, so
only a TLSv1.2 handshake is done.

Please note that the problem also occur with 8.5.x.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to