-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 André,
On 2/23/17 7:08 PM, André Warnier (tomcat) wrote: > On 24.02.2017 00:57, James H. H. Lampert wrote: >> On 2/23/17, 3:13 PM, André Warnier (tomcat) wrote: >>> It seems to say right up here what the problem is : the >>> customer system cannot establish a HTTPS connection with your >>> server. The connection attempt starts, but then your server >>> rejects it and closes the connection. Maybe they cannot agree >>> on a common SSL protocol ? >> . . . >> >> Is there a diagnostic setting I can apply to the Tomcat server, >> that would shed any light on what's happening? >> > > Probably, if you set the log level high enough. Unfortunately, the > tomcat logging configuration is also not really my thing. One > expert in these matters on this list is Christopher, but he seems > to get list emails after some delay. High praise. My delays are usually self-imposed. :) > So have a little patience, and you'll probably be helped. > > In the meantime, there is always the helpful on-line tomcat > documentation which you could try. > http://tomcat.apache.org/tomcat-8.0-doc/logging.html You need to enable logging at a lower level than this if a TLS connection is failing. Tomcat doesn't get any indication that anyone even tried to make a connection if the TLS handshake fails. James, are you using APR/tcnative/OpenSSL or JSSE? With JSSE, you can enable logging with the system property "-Djavax.net.debug=all" (without quotes, of course). Beware: this will produce ENORMOUS amounts of debugging output. Don't put it into production... just set-up a test server within the same environment and try to make connections. Back to the original report... is this a single client that *sometimes* gets connection resets or is it multiple clients, some of which always get resets and other clients are okay? If it's one client, do they have multiple boxes/client services, etc. that can be identified as "always working" or "always failing", or is this all totally intermittent? Finally... what's the underlying protocol? Plain-old HTTP or Websocket? I guess you are getting reset-on-connect and not reset-during-communication, so the underlying protocol might not matter at all. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYsGXGAAoJEBzwKT+lPKRYCpcP/1liYo5BOSR7cyb7kKYBmnfC WA3V8Faw8IXZGeeEwFGVEYB8HAa+jnivX8nlYSf8q6pU/FBA5KuO4fVAZJchOLB4 I+DC83+FjciMXcgklYIt+i8IVlw3wQssriMgEDG/xhoQB7i+NPRp66RBvZ/+OEhu iyY1nndw8SU+RvQAz97r8GcUNz5eTfqxJmt030D/K72oHdoLjSLjLUD3rze/0/wm 9AysEEEYwck8rzq3WrYKXhBbxCkor+rKt24ZT1zAzLqfNMXWLko0MMn+el3ChuDf 2dLRGThq6itu08Pq3neiUu7jC1Cx9XUen8MozSe4dGL2snG8/lAxuq2j3S7i8/b1 mq4yzyVDZqsaBm8Ctnb95nFf4KeTbG0HUxMUPNbzHaOSJKknrYg4NWNSstT4d2Bk b9kDx7ue7LhxWoaekp8d9CvBrMwMv6P5bVb994Z6onfGOSatilgUrZW8zOmfxTJD OwWpwDGPw5rse4r+PudPkX3iKjFtejKzsmExI+89AwbQD8R/bBNL3sN4Jm5fY+Gz 4pYGICiEGzxlpJyvtYaIZtmUvubyj8RQ3dKNbkpziPXY3r8q7M18VVMQIVp59P5J 3yVnJUWdDTHMFNIuI8wVwE4VXgf3yO13MlnVQvWdhc/TVcrlAgwWw0QT3RdcS8Y5 fEQc0kmhPkKioZOcFJce =p7IF -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
