Mark,

On 15.8.2014 22:07, Mark Thomas wrote:
The proposed 8.0.11 release is:
[ ] Broken - do not release
[X] Stable - go ahead and release as 8.0.11

(non-binding)

Tested .zip distribution on Windows 7 64-bit:

- Tested TLS/SSL connectivity for BIO, NIO and APR connectors.

- Crawled all links (except /manager, /host-manager and /examples/async*). No broken links found, except links to JavaDocs.

- Smoke tests of BIO, NIO and APR, with and without TLS, all passed.

- Tested with several webapps that are in active development.


But I had some problems with testing OpenSSL cipher syntax with the BIO connector. Some values for the ciphers attribute worked, like

ciphers="EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS"

but others did not:

ciphers="EECDH+aRSA+SHA384:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS"

The exception thrown is:

-------------------------------------
20-Aug-2014 09:56:48.568 SEVERE [main] org.apache.coyote.AbstractProtocol.init Failed to initialize end point associated with ProtocolHandler ["http-bio-443"]
 java.io.IOException
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:467)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:181)
        at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:360)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:730)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:456)
        at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:120)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:960)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:567)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:842)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:576)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:599)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:310)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:484)
Caused by: java.lang.NullPointerException
        at java.util.ArrayList.<init>(ArrayList.java:164)
        at org.apache.tomcat.util.net.jsse.openssl.OpenSSLCipherConfigurationParser.parse(OpenSSLCipherConfigurationParser.java:636)
        at org.apache.tomcat.util.net.jsse.openssl.OpenSSLCipherConfigurationParser.parseExpression(OpenSSLCipherConfigurationParser.java:668)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getEnableableCiphers(JSSESocketFactory.java:239)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:455)
        ... 19 more

20-Aug-2014 09:56:48.631 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[org.apache.coyote.http11.Http11Protocol-443]]
 org.apache.catalina.LifecycleException: Failed to initialize component [Connector[org.apache.coyote.http11.Http11Protocol-443]]
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:567)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:842)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:576)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:599)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:310)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:484)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:962)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
        ... 12 more
Caused by: java.io.IOException
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:467)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:181)
        at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:360)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:730)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:456)
        at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:120)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:960)
        ... 13 more
Caused by: java.lang.NullPointerException
        at java.util.ArrayList.<init>(ArrayList.java:164)
        at org.apache.tomcat.util.net.jsse.openssl.OpenSSLCipherConfigurationParser.parse(OpenSSLCipherConfigurationParser.java:636)
        at org.apache.tomcat.util.net.jsse.openssl.OpenSSLCipherConfigurationParser.parseExpression(OpenSSLCipherConfigurationParser.java:668)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getEnableableCiphers(JSSESocketFactory.java:239)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:455)
        ... 19 more
-------------------------------------

It seems that adding EECDH+aRSA+SHA384 to the ciphers attribute throws the exception.

I assume that OpenSSL's "EECDH+aRSA+SHA384" is equivalent to JSSE's "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384".

I have JCE Unlimited Strength installed, and I am able to specify TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 using JSSE syntax. Why am I unable to specify it using OpenSSL syntax?


If it is a bug, and not my oversight, I don't think this is critical to stop the release.

-Ognjen
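
Added example, not part of the original message and not Tomcat's OpenSSLCipherConfigurationParser: a sketch of how a "+"-joined OpenSSL element such as EECDH+aRSA+SHA384 is resolved by intersecting the suite sets of its tags, with the tag lookup returning an empty set instead of null, because the ArrayList copy constructor at the bottom of the trace throws NullPointerException when handed a null collection. The alias table is a small constructed subset, and the class name, the helper names and the tag NOSUCHTAG are hypothetical; whether a null lookup is what fails inside Tomcat is an assumption.

```java
import java.util.*;

public class CipherExprSketch {
    // Constructed alias table (assumption): OpenSSL tag -> JSSE suite names.
    static final Map<String, Set<String>> ALIASES = new HashMap<>();
    static {
        ALIASES.put("EECDH", set(
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"));
        ALIASES.put("aRSA", set(
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
            "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"));
        ALIASES.put("SHA384", set(
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"));
    }

    static Set<String> set(String... names) {
        return new LinkedHashSet<>(Arrays.asList(names));
    }

    // An unknown tag resolves to an empty set, never to null.
    static Set<String> lookup(String tag) {
        Set<String> suites = ALIASES.get(tag);
        return suites == null ? Collections.<String>emptySet() : suites;
    }

    // "A+B+C" selects only suites that carry every tag: intersect the sets.
    static List<String> resolve(String element) {
        String[] tags = element.split("\\+");
        Set<String> result = new LinkedHashSet<>(lookup(tags[0]));
        for (int i = 1; i < tags.length; i++) {
            result.retainAll(lookup(tags[i]));
        }
        return new ArrayList<>(result);
    }

    public static void main(String[] args) {
        System.out.println(resolve("EECDH+aRSA+SHA384"));
        System.out.println(resolve("EECDH+NOSUCHTAG"));
        try {
            // Same failure point as ArrayList.<init> in the trace above.
            new ArrayList<String>((Collection<String>) null);
        } catch (NullPointerException e) {
            System.out.println("null collection -> NullPointerException");
        }
    }
}
```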
