Il giorno lun 13 apr 2020 alle ore 21:49 Rémy Maucherat <r...@apache.org> ha scritto:
> On Mon, Apr 13, 2020 at 7:07 PM Mark Thomas <ma...@apache.org> wrote: > > > On 13/04/2020 11:39, Parigino Andrea Aiello wrote: > > > Hello! > > > i'm having a problem with Tomcat 8.5.51 hosting my Spring Boot 2 > > > application (with 2-way SSL); > > > > The first thing to do is to update to 8.5.54 and re-test. > > > > Also test OpenSSL and Java 11 [if Java 8 was used here], to see what > happens. > > Rémy > > > > > > Mark > > > > > In short is an application with both server and client SOAP interfaces > > > (first called as server, then it act as client). > > > The problem: > > > on first request (sent by SoapUI or other external client) everything > > works > > > fine, no exception; > > > on the second one i got this exception: > > > > > > 1. 13-Apr-2020 11:45:09.757 INFO [https-jsse-nio-234-exec-1] > > > org.apache.coyote.http11.Http11Processor.service Error parsing HTTP > > request > > > header > > > Note: further occurrences of HTTP request parsing errors will be > > logged > > > at DEBUG level. > > > java.lang.ArrayIndexOutOfBoundsException: > > > javax.crypto.ShortBufferException: Need at least 336 bytes of space > in > > > output buffer > > > at > > sun.security.ssl.CipherBox.decrypt(CipherBox.java:591) > > > at > > > > sun.security.ssl.EngineInputRecord.decrypt(EngineInputRecord.java:200) > > > at > > > sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:963) > > > at > > > sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:896) > > > at > > > sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:766) > > > at > javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) > > > at > > > org.apache.tomcat.util.net > > .SecureNioChannel.read(SecureNioChannel.java:607) > > > at > > > org.apache.tomcat.util.net > > .NioEndpoint$NioSocketWrapper.fillReadBuffer(NioEndpoint.java:1289) > > > at > > > org.apache.tomcat.util.net > > .NioEndpoint$NioSocketWrapper.read(NioEndpoint.java:1225) > > > at > > > > > > org.apache.coyote.http11.Http11InputBuffer.fill(Http11InputBuffer.java:737) > > > at > > > > > > org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:368) > > > at > > > > > > org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:502) > > > at > > > > > > org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) > > > at > > > > > > org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:818) > > > at > > > org.apache.tomcat.util.net > > .NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1623) > > > at > > > org.apache.tomcat.util.net > > .SocketProcessorBase.run(SocketProcessorBase.java:49) > > > at > > > > > > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > > > at > > > > > > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > > > at > > > > > > org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) > > > at java.lang.Thread.run(Thread.java:748) > > > > > > To be noted that on the second request i do not get even a single line > of > > > log from my application, looks like the request doesn't even reach my > > code. > > > here is the Connector config: > > > > > > <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" > > > > > > sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation" > > > port="234" maxThreads="200" scheme="https" secure="true" > > > SSLEnabled="true" clientAuth="true" sslProtocol="TLS" > > > keyAlias="agweb2ca" > > > keystoreFile="conf\cert\keystore_s.jks" keystorePass="*****" > > > truststoreFile="conf\cert\truststore_s.jks" truststorePass="******" > > > /> > > > > > > i've also tried all the buffer parameter for the connector ( > > > > > > https://tomcat.apache.org/tomcat-8.5-doc/config/ajp.html#NIO_specific_configuration > > > --> setting them to -1/illimited) but seem to not work. > > > > > > Another thing to say is that between the acting as SOAP Server and > acting > > > SOAP Client there are some http (not https) calls to another system. > > > > > > Any help would be really appreciated. > > > Thanks a lot! > > > > > > Andrea > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > > Turns out it was an old crypto provider (com.baltimore.jcrypto) that caused the problem, we avoided it and the tomcat started to work fine. how can it be? Thanks anyway for the support. Andrea
