Re: Tomcat SSL stops working after an undetermined amount of time

Thu, 20 May 2021 08:55:05 -0700 

On 20/05/2021 16:42, Ezsra McDonald wrote:

Mark,

Thanks for your response.

I did not see anything in the logs. This morning I added '
-Djava.net.debug=handshake' to my configuration. I did not see any SSL
debug information in my logs. Perhaps I did this wrong or need to use a
different argument?


Try:

-Djavax.net.debug=handshake

Mark




I expected the debug to be in the access log. Should I be looking
elsewhere? I also checked other logs that had timestamps for after the
instance was restarted.

-- Ez

On Thu, May 20, 2021 at 3:05 AM Mark Thomas <ma...@apache.org> wrote:


On 19/05/2021 20:42, Ezsra McDonald wrote:

Environment:
OS: CentOS 7
Apache: apache-tomcat-8.5.65
Java: jdk1.8.0_281

Greetings,

I recently enabled SSL on my Tomcat server HTTP connectors. Something odd
is happening. After some undetermined amount of time the connector stops
responding appropriately to requests. My browser returns the following
message:

"An error occurred during a connection to target.host.com:8080. SSL
received a malformed Alert record.

Error code: SSL_ERROR_RX_MALFORMED_ALERT
"
I do not see anything in the logs to clue me in on what is happening.

I have the following configured for the connector.
<Connector executor="tomcatThreadPool"
         port="${http.port}"
         protocol="org.apache.coyote.http11.Http11NioProtocol"
         maxThreads="50" enableLookups="false" acceptCount="100"
         server="Apache"
         SSLEnabled="true" scheme="https" secure="true"
         clientAuth="false" sslProtocol="TLSv1.2"
         keystoreFile="/opt/tomcat/ssl/tomcat_ssl.jks"
         keyAlias="tomcat"
         keystorePass="**************"
         connectionTimeout="20000"/>

When I restart the instance everything works fine for a while. Later,

when

I try to look at the tomcat manager, SSL is no longer functioning

properly.


Any assistance would be appreciated.


Anything in the access logs?

Enable TLS debug logging in the JVM Tomcat is using. You'll get a lot of
data but you'll be able to see exactly what is happening.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org







---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to