Apache Tomcat 9.0.50 (Also issue with 9.0.44) Oracle JDK and JRE 1.8.0-1.8.0_301
Red Hat Enterprise Linux Server release 7.9
When updating JDK/JRE from build 1.8.0_291-b10 to 1.8.0_301-b09, Apache
Tomcat Connector (org.apache.coyote.http11.Http11AprProtocol) failed to load
server key and failed to start. Tomcat ran without issues prior to the
upgrade.
Issue seems to be tied to the JVM and OpenSSL. We created a connector using
org.apache.coyote.http11.Http11Nio2Protocol and JSSE (No OpenSSL) and was
able to start without issue. However this configuration does not satisfy all
of our requirements.
Stack Trace:
27-Jul-2021 16:34:12.053 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache
Tomcat Native library [1.2.14] using APR version [1.4.8].
27-Jul-2021 16:34:12.053 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR
capabilities: IPv6 [true], sendfile [true], accept filters [false], random
[true], UDS [false].
27-Jul-2021 16:34:12.053 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL
configuration: useAprConnector [false], useOpenSSL [true]
27-Jul-2021 16:34:12.056 INFO [main]
org.apache.catalina.core.AprLifecycleListener.initializeSSL Already in FIPS
mode; skipping FIPS initialization.
27-Jul-2021 16:34:12.056 INFO [main]
org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL
successfully initialized [OpenSSL 1.0.2k-fips 26 Jan 2017]
27-Jul-2021 16:34:12.389 INFO [main] org.apache.coyote.AbstractProtocol.init
Initializing ProtocolHandler ["http-nio-127.0.0.1-8080"]
27-Jul-2021 16:34:12.407 INFO [main] org.apache.coyote.AbstractProtocol.init
Initializing ProtocolHandler ["https-openssl-apr-XXX.XXX.XXX.XXX-443"]
27-Jul-2021 16:34:12.451 SEVERE [main]
org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to
initialize component
[Connector[org.apache.coyote.http11.Http11AprProtocol-443]]
org.apache.catalina.LifecycleException: Protocol handler
initialization failed
at
org.apache.catalina.connector.Connector.initInternal(Connector.java:1049)
at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:5
61)
at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:104
9)
at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at
org.apache.catalina.startup.Catalina.load(Catalina.java:724)
at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62
)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl
.java:43)
at
java.lang.reflect.Method.invoke(Method.java:498)
at
org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
at
org.apache.catalina.startup.Bootstrap.init(Bootstrap.java:331)
at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62
)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl
.java:43)
at
java.lang.reflect.Method.invoke(Method.java:498)
at
org.apache.commons.daemon.support.DaemonLoader.load(DaemonLoader.java:210)
Caused by: java.lang.IllegalArgumentException:
1.2.840.113549.1.5.13 SecretKeyFactory not available
at
org.apache.tomcat.util.net.AprEndpoint.createSSLContext(AprEndpoint.java:461
)
at
org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:425)
at
org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint
.java:1208)
at
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1221)
at
org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:603)
at
org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.
java:80)
at
org.apache.catalina.connector.Connector.initInternal(Connector.java:1046)
... 17 more
Caused by: java.security.NoSuchAlgorithmException:
1.2.840.113549.1.5.13 SecretKeyFactory not available
at
javax.crypto.SecretKeyFactory.<init>(SecretKeyFactory.java:122)
at
javax.crypto.SecretKeyFactory.getInstance(SecretKeyFactory.java:160)
at
org.apache.tomcat.util.net.jsse.PEMFile$Part.toPrivateKey(PEMFile.java:184)
at
org.apache.tomcat.util.net.jsse.PEMFile.<init>(PEMFile.java:126)
at
org.apache.tomcat.util.net.jsse.PEMFile.<init>(PEMFile.java:90)
at
org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:315)
at
org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.ja
va:98)
at
org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:246
)
at
org.apache.tomcat.util.net.AprEndpoint.createSSLContext(AprEndpoint.java:459
)
... 23 more
27-Jul-2021 16:34:12.452 INFO [main]
org.apache.catalina.startup.Catalina.load Server initialization in [650]
milliseconds
27-Jul-2021 16:34:16.638 INFO [main]
org.apache.catalina.core.StandardService.startInternal Starting service
[Catalina]
27-Jul-2021 16:34:16.638 INFO [main]
org.apache.catalina.core.StandardEngine.startInternal Starting Servlet
engine: [Standard Server]
27-Jul-2021 16:34:40.105 INFO [main]
org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
["http-nio-127.0.0.1-8080"]
27-Jul-2021 16:34:40.121 INFO [main]
org.apache.catalina.startup.Catalina.start Server startup in [27668]
milliseconds
Has anyone else run into this issue and if so, have you been able to resolve
the issue?
Very Respectfully,
Kevin Ray
RHCSA, Security+
Fleet Weather Center Norfolk
9141 3rd Ave.
Norfolk VA 23511
kevin.l....@navy.mil
757-445-0889
dsn 565-0889
smime.p7s
Description: S/MIME cryptographic signature
