Re: Tomcat SSL stops working after an undetermined amount of time

Thu, 20 May 2021 08:43:06 -0700 

Mark,

Thanks for your response.

I did not see anything in the logs. This morning I added '
-Djava.net.debug=handshake' to my configuration. I did not see any SSL
debug information in my logs. Perhaps I did this wrong or need to use a
different argument?

I expected the debug to be in the access log. Should I be looking
elsewhere? I also checked other logs that had timestamps for after the
instance was restarted.

-- Ez

On Thu, May 20, 2021 at 3:05 AM Mark Thomas <ma...@apache.org> wrote:

> On 19/05/2021 20:42, Ezsra McDonald wrote:
> > Environment:
> > OS: CentOS 7
> > Apache: apache-tomcat-8.5.65
> > Java: jdk1.8.0_281
> >
> > Greetings,
> >
> > I recently enabled SSL on my Tomcat server HTTP connectors. Something odd
> > is happening. After some undetermined amount of time the connector stops
> > responding appropriately to requests. My browser returns the following
> > message:
> >
> > "An error occurred during a connection to target.host.com:8080. SSL
> > received a malformed Alert record.
> >
> > Error code: SSL_ERROR_RX_MALFORMED_ALERT
> > "
> > I do not see anything in the logs to clue me in on what is happening.
> >
> > I have the following configured for the connector.
> > <Connector executor="tomcatThreadPool"
> >         port="${http.port}"
> >         protocol="org.apache.coyote.http11.Http11NioProtocol"
> >         maxThreads="50" enableLookups="false" acceptCount="100"
> >         server="Apache"
> >         SSLEnabled="true" scheme="https" secure="true"
> >         clientAuth="false" sslProtocol="TLSv1.2"
> >         keystoreFile="/opt/tomcat/ssl/tomcat_ssl.jks"
> >         keyAlias="tomcat"
> >         keystorePass="**************"
> >         connectionTimeout="20000"/>
> >
> > When I restart the instance everything works fine for a while. Later,
> when
> > I try to look at the tomcat manager, SSL is no longer functioning
> properly.
> >
> > Any assistance would be appreciated.
>
> Anything in the access logs?
>
> Enable TLS debug logging in the JVM Tomcat is using. You'll get a lot of
> data but you'll be able to see exactly what is happening.
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Reply via email to