[Bug 69468] New: Uploaded file is corrupted when using HTTP 2 and JSSE

Wed, 20 Nov 2024 23:21:23 -0800 

https://bz.apache.org/bugzilla/show_bug.cgi?id=69468

            Bug ID: 69468
           Summary: Uploaded file is corrupted when using HTTP 2 and JSSE
           Product: Tomcat 10
           Version: 10.1.33
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: jiri.tr...@cloverdx.com
  Target Milestone: ------

Created attachment 39942
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=39942&action=edit
Example application

Upload of a larger file via multipart HTML form can corrupt uploaded file in
case Tomcat is configured to use SSL connector with HTTP 2 and the native
library is disabled. This error depends on which web browser is used.

How to reproduce:

1) Configure Tomcat to used SSL

I used self signed certificate in a JKS file. In server.xml enable ssl
connector with HTTP 2 protocol.

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true"
               maxParameterCount="1000">
  <UpgradeProtocol overheadDataThreshold="0"
                   className="org.apache.coyote.http2.Http2Protocol" />
   <SSLHostConfig>
      <Certificate certificateKeystoreFile="keystore.jks"
                   certificateKeystorePassword="changeit" type="RSA" />
   </SSLHostConfig>
</Connector>

and remove line with "AprLifecycleListener" from it.

2) Use attached application on url https://localhost:8443/TestUpload

3) Upload larger file

The file will be stored in %CATALINA_HOME%\webapps\TestUpload
I used zip file with 6MB jar in it and the zip was damaged. But you can also
create larger text file and compare contents.

4) Use different browsers.

When I used Chrome and Edge the file was corrupted. Firefox froze. But when I
used Waterfox the problem newer happened.

The problem newer happens when Apache Tomcat Native library is enabled.
The problem newer happens when HTTP 2 is disabled.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to