400 error when upgrading tomcat

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

400 error when upgrading tomcat

Brian Harris
We’re having an issue when upgrading Tomcat from 8.5.50 to 8.5.51.  Since
moving to this version, requests sent to the http port are failing with a
400 error code(bad request).  The server.xml is configured to redirect the
http port to the https port.  This has worked for years and did not start
failing until the upgrade.  Below is the connector config and the java
class used to send a test transaction to the server.



I’ve searched the change log and the only change I can see that might cause
this is the Bug fix for bug 63966 – Charset of TLS message is hard coded to
ISO-8859-1.  This bug fix was introduced into 8.5.51.  The reason I believe
this might be the reason is when we would send this request to tomcat
8.5.50 the reply Content-Type would look like this:



Content-Type: text/plain;charset=ISO-8859-1



With tomcat 8.5.51, I get this:

 Content-Type: text/html;charset=utf-8



Any ideas why I’m getting the 400 error when upgrading to 8.5.51 and beyond
?



Connector config:



<Connector port="5555" protocol="HTTP/1.1"

               connectionTimeout="20000"

               redirectPort="7777"

                />



       <Connector port="7777" protocol="HTTP/1.1" SSLEnabled="true"

           scheme="https" secure="true"
     ciphers="TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"

           clientAuth="false" sslProtocol="TLS"
sslEnabledProtocols="TLSv1.2"

           keyAlias="myKey"

           keystore="NONE"

           keystorePass="password"

           keystoreType="PKCS11"

           keystoreProvider="myprovider"

           enableLookups="false"

           server="server"

           "/>





Java class used to send the test transaction:



package com.testing;



import java.io.*;

import java.net.*;

import java.util.Date;

import java.text.DateFormat;

import java.text.SimpleDateFormat;



public class RunTestTran{



    public  RunTestTran() {

    }



    public static void main(String [] args){

        RunTestTran recordProcessorTest = new RunTestTran();

        recordProcessorTest.runTran("localhost", 5555,
"/requestProcessor/rp");

    }



        private void runTran(String ip, int port, String appName){

                Socket socket = null;

                PrintWriter out = null;

                BufferedReader in = null;

                String dataToSend = "";



                //Create socket connection

                try {

                        socket = new Socket(ip, port);

                        out = new PrintWriter(socket.getOutputStream(),
true);

                        in = new BufferedReader(new
InputStreamReader(socket.getInputStream()));

                } catch  (Exception e) {

                        System.out.println("Exception:" + e.toString() );

                        System.exit(1);

                }



                DateFormat dateFormat = new SimpleDateFormat("MMddHHmmsss");

                //get current date time with Date() to create a 11 digit
tran id

                Date date = new Date();

                String tranId = dateFormat.format(date);

                String PRIMER_TRAN = "     V " + tranId +
"9999999999000000000JANE       DOE         100 Redwood Shores
Pkwy             Redwood City       CA94065000000000000000  PRIMER TRAN";





                try{

                        dataToSend = URLEncoder.encode("inputRecord",
"UTF-8") + "=" + URLEncoder.encode(PRIMER_TRAN, "UTF-8");



                }catch(Exception e){

                        System.out.println("Exception caught!" +
e.toString());

                }

                 // send message

                StringBuffer sb = new StringBuffer();

                sb.append("POST /" + appName + "/wrp HTTP/1.1\r\n");

                // Try connection close-- see if it does close

                sb.append("Connection: close\r\n");

                sb.append("Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel,
application/msword\n");

                sb.append("Accept-Language: en-us\n");

                sb.append("Accept-Encoding: gzip, deflate\n");

                sb.append("User-Agent: Mozilla/4.0 (compatible; MSIE 6.0;
Windows NT 5.0)\n");

                // Authorization

                sb.append("Authorization: Basic
DK34a3RvbWVydGVzddkK7WCx\n");

                sb.append("Host: " + ip + ":" + port + "\n");

                sb.append("Content-Length: " + dataToSend.length() +
"\r\n");

                sb.append("Content-Type:
application/x-www-form-urlencoded\r\n");

                sb.append("\r\n");

                sb.append(dataToSend);

                 // Send data

                String text = sb.toString();

                out.println(text);



                System.out.println("\nText sent " + text.length() + "
bytes:");

                System.out.println(text + "\n\n");



                try{

                        String gotBack1 = in.readLine();

                        System.out.println("Text received:" + gotBack1 );

                        String gotBack = null;

                        while (  (gotBack = in.readLine()) != null){

                                System.out.println("Text received:" +
gotBack );

                                if ( (gotBack.indexOf("TQ!") != -1)){

                                        break;

                                }

                        }

                } catch (Exception e){

                        System.out.println("Read failed! " + e.toString());

                        System.exit(1);

                }

        }









}
Reply | Threaded
Open this post in threaded view
|

Re: 400 error when upgrading tomcat

Christopher Schultz-2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Brian,

On 9/10/20 13:13, Brian Harris wrote:

> We’re having an issue when upgrading Tomcat from 8.5.50 to 8.5.51.
> Since moving to this version, requests sent to the http port are
> failing with a 400 error code(bad request).  The server.xml is
> configured to redirect the http port to the https port.  This has
> worked for years and did not start failing until the upgrade.
> Below is the connector config and the java class used to send a
> test transaction to the server.
>
> I’ve searched the change log and the only change I can see that
> might cause this is the Bug fix for bug 63966 – Charset of TLS
> message is hard coded to ISO-8859-1.  This bug fix was introduced
> into 8.5.51.  The reason I believe this might be the reason is when
> we would send this request to tomcat 8.5.50 the reply Content-Type
> would look like this:
>
>
>
> Content-Type: text/plain;charset=ISO-8859-1
>
>
>
> With tomcat 8.5.51, I get this:
>
> Content-Type: text/html;charset=utf-8
>
>
>
> Any ideas why I’m getting the 400 error when upgrading to 8.5.51
> and beyond ?
>
>
>
> Connector config:
>
>
>
> <Connector port="5555" protocol="HTTP/1.1"
>
> connectionTimeout="20000"
>
> redirectPort="7777"
>
> />
>
>
>
> <Connector port="7777" protocol="HTTP/1.1" SSLEnabled="true"
>
> scheme="https" secure="true"
> ciphers="TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_256_
GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_
GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AE
S_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_
AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECD
SA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECD
HE_RSA_WITH_AES_256_GCM_SHA384"

>
>  clientAuth="false" sslProtocol="TLS"
> sslEnabledProtocols="TLSv1.2"
>
> keyAlias="myKey"
>
> keystore="NONE"
>
> keystorePass="password"
>
> keystoreType="PKCS11"
>
> keystoreProvider="myprovider"
>
> enableLookups="false"
>
> server="server"
>
> "/>
>
>
>
>
>
> Java class used to send the test transaction:
>
>
>
> package com.testing;
>
>
>
> import java.io.*;
>
> import java.net.*;
>
> import java.util.Date;
>
> import java.text.DateFormat;
>
> import java.text.SimpleDateFormat;
>
>
>
> public class RunTestTran{
>
>
>
> public  RunTestTran() {
>
> }
>
>
>
> public static void main(String [] args){
>
> RunTestTran recordProcessorTest = new RunTestTran();
>
> recordProcessorTest.runTran("localhost", 5555,
> "/requestProcessor/rp");
>
> }
>
>
>
> private void runTran(String ip, int port, String appName){
>
> Socket socket = null;
>
> PrintWriter out = null;
>
> BufferedReader in = null;
>
> String dataToSend = "";
>
>
>
> //Create socket connection
>
> try {
>
> socket = new Socket(ip, port);
>
> out = new PrintWriter(socket.getOutputStream(), true);
>
> in = new BufferedReader(new
> InputStreamReader(socket.getInputStream()));
>
> } catch  (Exception e) {
>
> System.out.println("Exception:" + e.toString() );
>
> System.exit(1);
>
> }
>
>
>
> DateFormat dateFormat = new SimpleDateFormat("MMddHHmmsss");
>
> //get current date time with Date() to create a 11 digit tran id
>
> Date date = new Date();
>
> String tranId = dateFormat.format(date);
>
> String PRIMER_TRAN = "     V " + tranId + "9999999999000000000JANE
> DOE         100 Redwood Shores Pkwy             Redwood City
> CA94065000000000000000  PRIMER TRAN";
>
>
>
>
>
> try{
>
> dataToSend = URLEncoder.encode("inputRecord", "UTF-8") + "=" +
> URLEncoder.encode(PRIMER_TRAN, "UTF-8");
>
>
>
> }catch(Exception e){
>
> System.out.println("Exception caught!" + e.toString());
>
> }
>
> // send message
>
> StringBuffer sb = new StringBuffer();
>
> sb.append("POST /" + appName + "/wrp HTTP/1.1\r\n");
>
> // Try connection close-- see if it does close
>
> sb.append("Connection: close\r\n");
>
> sb.append("Accept: image/gif, image/x-xbitmap, image/jpeg,
> image/pjpeg, application/vnd.ms-powerpoint,
> application/vnd.ms-excel, application/msword\n");
>
> sb.append("Accept-Language: en-us\n");
>
> sb.append("Accept-Encoding: gzip, deflate\n");
>
> sb.append("User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows
> NT 5.0)\n");
>
> // Authorization
>
> sb.append("Authorization: Basic DK34a3RvbWVydGVzddkK7WCx\n");
>
> sb.append("Host: " + ip + ":" + port + "\n");
>
> sb.append("Content-Length: " + dataToSend.length() + "\r\n");
>
> sb.append("Content-Type: application/x-www-form-urlencoded\r\n");
>
> sb.append("\r\n");
>
> sb.append(dataToSend);
>
> // Send data
>
> String text = sb.toString();
>
> out.println(text);
>
>
>
> System.out.println("\nText sent " + text.length() + " bytes:");
>
> System.out.println(text + "\n\n");
>
>
>
> try{
>
> String gotBack1 = in.readLine();
>
> System.out.println("Text received:" + gotBack1 );
>
> String gotBack = null;
>
> while (  (gotBack = in.readLine()) != null){
>
> System.out.println("Text received:" + gotBack );
>
> if ( (gotBack.indexOf("TQ!") != -1)){
>
> break;
>
> }
>
> }
>
> } catch (Exception e){
>
> System.out.println("Read failed! " + e.toString());
>
> System.exit(1);
>
> }
>
> } }

Half your headers have \n line-terminators rather than \r\n
line-terminators. Is that intentional? It's certianly not /legal/.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl9ah2sACgkQHPApP6U8
pFit/g/9FyJb2JlIDsBGZLO3pYl/Uqn62O32hWT92WuXNQ7mGObfikNC3KUxtMZV
0SjKWBc5Nfo4E6JJM502AQk5LGq/aWj/E0gGWBoJEcinkNkygFJr3e5NsOt4Czia
PzsvhUwKw/NGNN8jO8GgORR8/52yhsADBWWBmQKaEIxhSKBRrsf9KVjlAosBXcK1
fJ5rWLKMTTShMRChyS8YtklWjuQtGVmNu3+Z0/1H/gN7DUBJWBRu5w5NBEzmGufm
sdpzYUjVabdoywtIA03gjRPoamadfqFJ7SBU7PSaOKwtj1mamBfwmTTnsOH0I6QN
whqFP7v74vBC4IKG8Ixe+kP8Go3uujRdC9Pu6dpxOfLLOtU8bCIVNXsFeR7jJX+m
3DdhWsddDuo6oLgKAJHpJ6/hsTX7DCou4TP1OmFs9N2m67CdYQ3Ih2JKf0RNJ6Pr
ujMPCQSYYAM8QAsYRf58dXoX1I1hO79A0naSn2nMjBess+t9bAhClrg+A4QXVWGj
9HMvX2JFkFOXDM9vm+bqVZCAc/n0a3PcANpkoLbv/3IM3jbq8byaoaRqeGSxhZwd
os+rSxn3oUSrAy7KwMVk4z2DQAUejj8LnSSTXQJD+8eWxYNxy6d5c3O1xZkwDL9B
1auo35soCcAI4Rm7Fu8irg38loH4BtMOv5TQplHSt1ir9rfQbcU=
=iqK4
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: 400 error when upgrading tomcat

Brian Harris
Thanks Christopher.  You just nailed it buddy.  I changed them all to \r\n
and it got a 200.  I was completely overlooking that as it had never caused
a problem before.  Something in 8.5.51 would not allow that anymore.

On Thu, Sep 10, 2020 at 4:07 PM Christopher Schultz <
[hidden email]> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Brian,
>
> On 9/10/20 13:13, Brian Harris wrote:
> > We’re having an issue when upgrading Tomcat from 8.5.50 to 8.5.51.
> > Since moving to this version, requests sent to the http port are
> > failing with a 400 error code(bad request).  The server.xml is
> > configured to redirect the http port to the https port.  This has
> > worked for years and did not start failing until the upgrade.
> > Below is the connector config and the java class used to send a
> > test transaction to the server.
> >
> > I’ve searched the change log and the only change I can see that
> > might cause this is the Bug fix for bug 63966 – Charset of TLS
> > message is hard coded to ISO-8859-1.  This bug fix was introduced
> > into 8.5.51.  The reason I believe this might be the reason is when
> > we would send this request to tomcat 8.5.50 the reply Content-Type
> > would look like this:
> >
> >
> >
> > Content-Type: text/plain;charset=ISO-8859-1
> >
> >
> >
> > With tomcat 8.5.51, I get this:
> >
> > Content-Type: text/html;charset=utf-8
> >
> >
> >
> > Any ideas why I’m getting the 400 error when upgrading to 8.5.51
> > and beyond ?
> >
> >
> >
> > Connector config:
> >
> >
> >
> > <Connector port="5555" protocol="HTTP/1.1"
> >
> > connectionTimeout="20000"
> >
> > redirectPort="7777"
> >
> > />
> >
> >
> >
> > <Connector port="7777" protocol="HTTP/1.1" SSLEnabled="true"
> >
> > scheme="https" secure="true"
> > ciphers="TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_256_
> GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_
> GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AE
> S_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_
> AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECD
> SA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECD
> HE_RSA_WITH_AES_256_GCM_SHA384"
> >
> >  clientAuth="false" sslProtocol="TLS"
> > sslEnabledProtocols="TLSv1.2"
> >
> > keyAlias="myKey"
> >
> > keystore="NONE"
> >
> > keystorePass="password"
> >
> > keystoreType="PKCS11"
> >
> > keystoreProvider="myprovider"
> >
> > enableLookups="false"
> >
> > server="server"
> >
> > "/>
> >
> >
> >
> >
> >
> > Java class used to send the test transaction:
> >
> >
> >
> > package com.testing;
> >
> >
> >
> > import java.io.*;
> >
> > import java.net.*;
> >
> > import java.util.Date;
> >
> > import java.text.DateFormat;
> >
> > import java.text.SimpleDateFormat;
> >
> >
> >
> > public class RunTestTran{
> >
> >
> >
> > public  RunTestTran() {
> >
> > }
> >
> >
> >
> > public static void main(String [] args){
> >
> > RunTestTran recordProcessorTest = new RunTestTran();
> >
> > recordProcessorTest.runTran("localhost", 5555,
> > "/requestProcessor/rp");
> >
> > }
> >
> >
> >
> > private void runTran(String ip, int port, String appName){
> >
> > Socket socket = null;
> >
> > PrintWriter out = null;
> >
> > BufferedReader in = null;
> >
> > String dataToSend = "";
> >
> >
> >
> > //Create socket connection
> >
> > try {
> >
> > socket = new Socket(ip, port);
> >
> > out = new PrintWriter(socket.getOutputStream(), true);
> >
> > in = new BufferedReader(new
> > InputStreamReader(socket.getInputStream()));
> >
> > } catch  (Exception e) {
> >
> > System.out.println("Exception:" + e.toString() );
> >
> > System.exit(1);
> >
> > }
> >
> >
> >
> > DateFormat dateFormat = new SimpleDateFormat("MMddHHmmsss");
> >
> > //get current date time with Date() to create a 11 digit tran id
> >
> > Date date = new Date();
> >
> > String tranId = dateFormat.format(date);
> >
> > String PRIMER_TRAN = "     V " + tranId + "9999999999000000000JANE
> > DOE         100 Redwood Shores Pkwy             Redwood City
> > CA94065000000000000000  PRIMER TRAN";
> >
> >
> >
> >
> >
> > try{
> >
> > dataToSend = URLEncoder.encode("inputRecord", "UTF-8") + "=" +
> > URLEncoder.encode(PRIMER_TRAN, "UTF-8");
> >
> >
> >
> > }catch(Exception e){
> >
> > System.out.println("Exception caught!" + e.toString());
> >
> > }
> >
> > // send message
> >
> > StringBuffer sb = new StringBuffer();
> >
> > sb.append("POST /" + appName + "/wrp HTTP/1.1\r\n");
> >
> > // Try connection close-- see if it does close
> >
> > sb.append("Connection: close\r\n");
> >
> > sb.append("Accept: image/gif, image/x-xbitmap, image/jpeg,
> > image/pjpeg, application/vnd.ms-powerpoint,
> > application/vnd.ms-excel, application/msword\n");
> >
> > sb.append("Accept-Language: en-us\n");
> >
> > sb.append("Accept-Encoding: gzip, deflate\n");
> >
> > sb.append("User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows
> > NT 5.0)\n");
> >
> > // Authorization
> >
> > sb.append("Authorization: Basic DK34a3RvbWVydGVzddkK7WCx\n");
> >
> > sb.append("Host: " + ip + ":" + port + "\n");
> >
> > sb.append("Content-Length: " + dataToSend.length() + "\r\n");
> >
> > sb.append("Content-Type: application/x-www-form-urlencoded\r\n");
> >
> > sb.append("\r\n");
> >
> > sb.append(dataToSend);
> >
> > // Send data
> >
> > String text = sb.toString();
> >
> > out.println(text);
> >
> >
> >
> > System.out.println("\nText sent " + text.length() + " bytes:");
> >
> > System.out.println(text + "\n\n");
> >
> >
> >
> > try{
> >
> > String gotBack1 = in.readLine();
> >
> > System.out.println("Text received:" + gotBack1 );
> >
> > String gotBack = null;
> >
> > while (  (gotBack = in.readLine()) != null){
> >
> > System.out.println("Text received:" + gotBack );
> >
> > if ( (gotBack.indexOf("TQ!") != -1)){
> >
> > break;
> >
> > }
> >
> > }
> >
> > } catch (Exception e){
> >
> > System.out.println("Read failed! " + e.toString());
> >
> > System.exit(1);
> >
> > }
> >
> > } }
>
> Half your headers have \n line-terminators rather than \r\n
> line-terminators. Is that intentional? It's certianly not /legal/.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl9ah2sACgkQHPApP6U8
> pFit/g/9FyJb2JlIDsBGZLO3pYl/Uqn62O32hWT92WuXNQ7mGObfikNC3KUxtMZV
> 0SjKWBc5Nfo4E6JJM502AQk5LGq/aWj/E0gGWBoJEcinkNkygFJr3e5NsOt4Czia
> PzsvhUwKw/NGNN8jO8GgORR8/52yhsADBWWBmQKaEIxhSKBRrsf9KVjlAosBXcK1
> fJ5rWLKMTTShMRChyS8YtklWjuQtGVmNu3+Z0/1H/gN7DUBJWBRu5w5NBEzmGufm
> sdpzYUjVabdoywtIA03gjRPoamadfqFJ7SBU7PSaOKwtj1mamBfwmTTnsOH0I6QN
> whqFP7v74vBC4IKG8Ixe+kP8Go3uujRdC9Pu6dpxOfLLOtU8bCIVNXsFeR7jJX+m
> 3DdhWsddDuo6oLgKAJHpJ6/hsTX7DCou4TP1OmFs9N2m67CdYQ3Ih2JKf0RNJ6Pr
> ujMPCQSYYAM8QAsYRf58dXoX1I1hO79A0naSn2nMjBess+t9bAhClrg+A4QXVWGj
> 9HMvX2JFkFOXDM9vm+bqVZCAc/n0a3PcANpkoLbv/3IM3jbq8byaoaRqeGSxhZwd
> os+rSxn3oUSrAy7KwMVk4z2DQAUejj8LnSSTXQJD+8eWxYNxy6d5c3O1xZkwDL9B
> 1auo35soCcAI4Rm7Fu8irg38loH4BtMOv5TQplHSt1ir9rfQbcU=
> =iqK4
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
Reply | Threaded
Open this post in threaded view
|

Re: 400 error when upgrading tomcat

markt
On 10/09/2020 21:23, Brian Harris wrote:
> Thanks Christopher.  You just nailed it buddy.  I changed them all to \r\n
> and it got a 200.  I was completely overlooking that as it had never
caused
> a problem before.  Something in 8.5.51 would not allow that anymore.

That is the fix for CVE-2020-1935

See http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51

It isn't explicit in the changelog because it is security related and
the change log is public before the release is available.

Mark


>
> On Thu, Sep 10, 2020 at 4:07 PM Christopher Schultz <
> [hidden email]> wrote:
>
> Brian,
>
> On 9/10/20 13:13, Brian Harris wrote:
>>>> We’re having an issue when upgrading Tomcat from 8.5.50 to 8.5.51.
>>>> Since moving to this version, requests sent to the http port are
>>>> failing with a 400 error code(bad request).  The server.xml is
>>>> configured to redirect the http port to the https port.  This has
>>>> worked for years and did not start failing until the upgrade.
>>>> Below is the connector config and the java class used to send a
>>>> test transaction to the server.
>>>>
>>>> I’ve searched the change log and the only change I can see that
>>>> might cause this is the Bug fix for bug 63966 – Charset of TLS
>>>> message is hard coded to ISO-8859-1.  This bug fix was introduced
>>>> into 8.5.51.  The reason I believe this might be the reason is when
>>>> we would send this request to tomcat 8.5.50 the reply Content-Type
>>>> would look like this:
>>>>
>>>>
>>>>
>>>> Content-Type: text/plain;charset=ISO-8859-1
>>>>
>>>>
>>>>
>>>> With tomcat 8.5.51, I get this:
>>>>
>>>> Content-Type: text/html;charset=utf-8
>>>>
>>>>
>>>>
>>>> Any ideas why I’m getting the 400 error when upgrading to 8.5.51
>>>> and beyond ?
>>>>
>>>>
>>>>
>>>> Connector config:
>>>>
>>>>
>>>>
>>>> <Connector port="5555" protocol="HTTP/1.1"
>>>>
>>>> connectionTimeout="20000"
>>>>
>>>> redirectPort="7777"
>>>>
>>>> />
>>>>
>>>>
>>>>
>>>> <Connector port="7777" protocol="HTTP/1.1" SSLEnabled="true"
>>>>
>>>> scheme="https" secure="true"
>>>> ciphers="TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_256_
> GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_
> GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AE
> S_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_
> AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECD
> SA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECD
> HE_RSA_WITH_AES_256_GCM_SHA384"
>>>>
>>>>  clientAuth="false" sslProtocol="TLS"
>>>> sslEnabledProtocols="TLSv1.2"
>>>>
>>>> keyAlias="myKey"
>>>>
>>>> keystore="NONE"
>>>>
>>>> keystorePass="password"
>>>>
>>>> keystoreType="PKCS11"
>>>>
>>>> keystoreProvider="myprovider"
>>>>
>>>> enableLookups="false"
>>>>
>>>> server="server"
>>>>
>>>> "/>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Java class used to send the test transaction:
>>>>
>>>>
>>>>
>>>> package com.testing;
>>>>
>>>>
>>>>
>>>> import java.io.*;
>>>>
>>>> import java.net.*;
>>>>
>>>> import java.util.Date;
>>>>
>>>> import java.text.DateFormat;
>>>>
>>>> import java.text.SimpleDateFormat;
>>>>
>>>>
>>>>
>>>> public class RunTestTran{
>>>>
>>>>
>>>>
>>>> public  RunTestTran() {
>>>>
>>>> }
>>>>
>>>>
>>>>
>>>> public static void main(String [] args){
>>>>
>>>> RunTestTran recordProcessorTest = new RunTestTran();
>>>>
>>>> recordProcessorTest.runTran("localhost", 5555,
>>>> "/requestProcessor/rp");
>>>>
>>>> }
>>>>
>>>>
>>>>
>>>> private void runTran(String ip, int port, String appName){
>>>>
>>>> Socket socket = null;
>>>>
>>>> PrintWriter out = null;
>>>>
>>>> BufferedReader in = null;
>>>>
>>>> String dataToSend = "";
>>>>
>>>>
>>>>
>>>> //Create socket connection
>>>>
>>>> try {
>>>>
>>>> socket = new Socket(ip, port);
>>>>
>>>> out = new PrintWriter(socket.getOutputStream(), true);
>>>>
>>>> in = new BufferedReader(new
>>>> InputStreamReader(socket.getInputStream()));
>>>>
>>>> } catch  (Exception e) {
>>>>
>>>> System.out.println("Exception:" + e.toString() );
>>>>
>>>> System.exit(1);
>>>>
>>>> }
>>>>
>>>>
>>>>
>>>> DateFormat dateFormat = new SimpleDateFormat("MMddHHmmsss");
>>>>
>>>> //get current date time with Date() to create a 11 digit tran id
>>>>
>>>> Date date = new Date();
>>>>
>>>> String tranId = dateFormat.format(date);
>>>>
>>>> String PRIMER_TRAN = "     V " + tranId + "9999999999000000000JANE
>>>> DOE         100 Redwood Shores Pkwy             Redwood City
>>>> CA94065000000000000000  PRIMER TRAN";
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> try{
>>>>
>>>> dataToSend = URLEncoder.encode("inputRecord", "UTF-8") + "=" +
>>>> URLEncoder.encode(PRIMER_TRAN, "UTF-8");
>>>>
>>>>
>>>>
>>>> }catch(Exception e){
>>>>
>>>> System.out.println("Exception caught!" + e.toString());
>>>>
>>>> }
>>>>
>>>> // send message
>>>>
>>>> StringBuffer sb = new StringBuffer();
>>>>
>>>> sb.append("POST /" + appName + "/wrp HTTP/1.1\r\n");
>>>>
>>>> // Try connection close-- see if it does close
>>>>
>>>> sb.append("Connection: close\r\n");
>>>>
>>>> sb.append("Accept: image/gif, image/x-xbitmap, image/jpeg,
>>>> image/pjpeg, application/vnd.ms-powerpoint,
>>>> application/vnd.ms-excel, application/msword\n");
>>>>
>>>> sb.append("Accept-Language: en-us\n");
>>>>
>>>> sb.append("Accept-Encoding: gzip, deflate\n");
>>>>
>>>> sb.append("User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows
>>>> NT 5.0)\n");
>>>>
>>>> // Authorization
>>>>
>>>> sb.append("Authorization: Basic DK34a3RvbWVydGVzddkK7WCx\n");
>>>>
>>>> sb.append("Host: " + ip + ":" + port + "\n");
>>>>
>>>> sb.append("Content-Length: " + dataToSend.length() + "\r\n");
>>>>
>>>> sb.append("Content-Type: application/x-www-form-urlencoded\r\n");
>>>>
>>>> sb.append("\r\n");
>>>>
>>>> sb.append(dataToSend);
>>>>
>>>> // Send data
>>>>
>>>> String text = sb.toString();
>>>>
>>>> out.println(text);
>>>>
>>>>
>>>>
>>>> System.out.println("\nText sent " + text.length() + " bytes:");
>>>>
>>>> System.out.println(text + "\n\n");
>>>>
>>>>
>>>>
>>>> try{
>>>>
>>>> String gotBack1 = in.readLine();
>>>>
>>>> System.out.println("Text received:" + gotBack1 );
>>>>
>>>> String gotBack = null;
>>>>
>>>> while (  (gotBack = in.readLine()) != null){
>>>>
>>>> System.out.println("Text received:" + gotBack );
>>>>
>>>> if ( (gotBack.indexOf("TQ!") != -1)){
>>>>
>>>> break;
>>>>
>>>> }
>>>>
>>>> }
>>>>
>>>> } catch (Exception e){
>>>>
>>>> System.out.println("Read failed! " + e.toString());
>>>>
>>>> System.exit(1);
>>>>
>>>> }
>>>>
>>>> } }
>
> Half your headers have \n line-terminators rather than \r\n
> line-terminators. Is that intentional? It's certianly not /legal/.
>
> -chris
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>
>>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]