Re: Unknown setting warnings

Sat, 14 Dec 2024 10:56:14 -0800 

On 13/12/2024 21:41, Christopher Schultz wrote:

Brian,

On 12/13/24 3:38 PM, Paquin, Brian wrote:
I am using Tomcat 10.1.30 with Tomcat Native and get these errors when user’s connect to an application: WARNING [https-openssl-nio-9443-exec-27] org.apache.coyote.http2.Http2Parser.readSettingsFrame Connection [424], An unknown setting with identifier [8] and value [1] was ignored 
 >
I suspect I need to make a change in my server.xml but I am not sure what needs to be changed.
I don't think you need to change anything. The warning indicates that the client is sending something the server doesn't understand at all.
Here is what I have for connectors (I can share more of server.xml if required):      <Connector port="9443" protocol="org.apache.coyote.http11.Http11NioProtocol"                 maxThreads="500" SSLEnabled="true" scheme="https" secure="true" xpoweredBy="false" allowTrace="false">          <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> 
         <SSLHostConfig protocols="TLSv1.2">
             <Certificate certificateKeyFile="conf/privatekey.key"
                          certificateFile="conf/certificate.crt"
                          certificateChainFile="conf/chain.crt"
                          type="RSA" />
         </SSLHostConfig>
     </Connector>
     <Connector port="9009" protocol="AJP/1.3" redirectPort="9443" secretRequired="false" /> 

Are there changes needed in the UpgradeProtocol I am missing?
I don't know enough about the protocol and the source of that warning message to know what "identifier [8]" refers to. My guess is that it is a SETTINGS frame type, only 0 - 6 have been defined, meaning that #8 is undefined. 

https://datatracker.ietf.org/doc/html/rfc7540#section-6.5.2

https://httpwg.org/specs/rfc7540.html#rfc.section.6.5.2


Some newer ones have been defined by later RFCs:

https://www.iana.org/assignments/http2-parameters/http2-parameters.xhtml#settings


What h2 client is being used by these users?
Looks like Tomcat needs updating to explicitly ignore known settings it doesn't implement (and in the case of CONNECT it is likely it never will). 

Mark


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to