On Wed, Mar 27, 2019 at 4:21 PM Mark Thomas <ma...@apache.org> wrote:
> On 27/03/2019 15:13, Mark Thomas wrote:
> > On 27/03/2019 04:23, Jason Rivard wrote:
> >> I'm trying to get the following configuration working:
> >>
> >> - Tomcat 9.0.17 (also tested with 9.0.16)
> >> - AdoptOpenJDK Java 11.0.2 on Linux (also tested on Windows)
> >> - Http11NioProtocol Connector
> >> - Http2Protocol ProtocolUpgrade
> >>
> >> I'm using the following connector config:
> >>
> >> <Connector port="8443"
> protocol="org.apache.coyote.http11.Http11NioProtocol"
> >>
> sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
> >> SSLEnabled="true" scheme="https" secure="true"
> >> keystoreFile="/appData/jks-keystore" keystorePass="password">
> >> <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>
> >> </Connector>
> >>
> >> With the UpgradeProtocol in place, HTTP/2.0 works fine, but when I
> >> attempt a pure HTTP/1.0 or HTTP/1.1 request the server closes the
> >> connection before responding. This breaks any non-HTTP2.0 client.
> >>
> >> My first question is: Should this configuration work?
> >
> > Yes.
> >
> >> My second is: Why is it broken? :)
> >
> > Don't know yet. Just started looking.
>
> That didn't take long.
>
> When ALPN is available but no protocol is negotiated, OpenSSL returns
> null whereas JSSE returns "".
>
> Tomcat was doing:
> if (negotiatedProtocol != null) { ...
>
> rather than
>
> if (negotiatedProtocol != null && negotiatedProtocol.length() > 0) {
>
> and trying to create a Processor object for the "" protocol, failing and
> then closing the connection.
>
> The fix will be in the next set of releases (expected towards the end of
> next week).
>
This is a rather serious bug IMO, so that release cannot be delayed.
Rémy
