[Bug 60030] New: Run away CPU with JSSE / OpenSSL with IE8

Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=60030

            Bug ID: 60030
           Summary: Run away CPU with JSSE / OpenSSL with IE8
           Product: Tomcat 8
           Version: 8.5.3
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: Catalina
          Assignee: [hidden email]
          Reporter: [hidden email]

Tomcat: 8.5.3
OS: Ubuntu 16.04 (64-bit)
java version "1.8.0_101"
Java(TM) SE Runtime Environment (build 1.8.0_101-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.101-b13, mixed mode)


JSSE implementation that uses OpenSSL seems to have an issue where a request
from Internet Explorer 8.x can cause a large portion of the CPU to be consumed
until tomcat restart.  

Steps to replicate:

1.  On Ubuntu 16.04, download and extract 8.5.3.  
2.  Modify the conf/server.xml and add the following connector for SSL
configuration:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           scheme="https" secure="true" maxThreads="750" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeyFile="xxx.pem"
                     certificateFile="xxx.pem"
                     certificateChainFile="xxx.pem"
                     type="RSA" />
    </SSLHostConfig>
</Connector>

3. Start tomcat and navigate using IE8 or IE8 on
http://netrenderer.com/index.php to:
https://x.x.x.x:8443/manager/html


Result:
The CPU hangs at around 70%-100% on a single core until tomcat is started.  

Expected:
The page should be rendered without a high CPU load.  

This is worrying due to the ease of exploitation and large, persistent
consumption of resources.  We have tested and replicated using Let's Encrypt
and a GoDaddy wildcard ssl cert on multiple machines.  I would suspect this is
due to a combination of older ciphers used on IE8.

--
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]
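
Added example (not part of the original report and not Tomcat code): one way to find which Java thread is holding the core described above is to match per-thread CPU from `top -H` against the `nid` field of a `jstack` dump, then read the connector's TLS implementation from the thread-name prefix that Comment #1 in this thread describes. Both inputs are constructed samples; the thread ids, names and the choice of busy thread are assumptions, not data from the reporter's dump.

```python
import re

# Constructed `top -H -b -n 1 -p <pid>` output: one row per thread (PID column = thread id).
TOP_H = """\
  PID USER      PR  NI    VIRT    RES   SHR S %CPU %MEM     TIME+ COMMAND
 4321 tomcat    20   0 4724892 421888 18432 R 97.3  5.1  12:41.07 java
 4305 tomcat    20   0 4724892 421888 18432 S  0.3  5.1   0:02.11 java
 4318 tomcat    20   0 4724892 421888 18432 S  0.0  5.1   0:00.40 java
"""

# Constructed Java 8 jstack header lines; nid is the same thread id in hex.
JSTACK = """\
"https-jsse-nio-8443-exec-3" #46 daemon prio=5 os_prio=0 tid=0x00007f3a1c501800 nid=0x10e1 runnable [0x00007f39e4bfa000]
"https-jsse-nio-8443-ClientPoller-0" #44 daemon prio=5 os_prio=0 tid=0x00007f3a1c4f2000 nid=0x10d1 runnable [0x00007f39e4dfc000]
"https-jsse-nio-8443-Acceptor-0" #45 daemon prio=5 os_prio=0 tid=0x00007f3a1c4f4000 nid=0x10de runnable [0x00007f39e4cfb000]
"""

NID_RE = re.compile(r'^"(?P<name>[^"]+)".*?\bnid=0x(?P<nid>[0-9a-fA-F]+)', re.M)
TLS_RE = re.compile(r"^https-(jsse|openssl)-")

def parse_top_threads(text):
    """Map thread id -> %CPU, locating the %CPU column from the header row."""
    lines = text.splitlines()
    head = next(i for i, l in enumerate(lines) if l.split()[:1] == ["PID"])
    col = lines[head].split().index("%CPU")
    return {int(f[0]): float(f[col]) for f in map(str.split, lines[head + 1:])
            if len(f) > col and f[0].isdigit()}

def parse_jstack(text):
    """Map native thread id (nid, hex in the dump) -> Java thread name."""
    return {int(m["nid"], 16): m["name"] for m in NID_RE.finditer(text)}

def tls_impl(thread_name):
    """'jsse' or 'openssl' from the connector thread-name prefix, else None."""
    m = TLS_RE.match(thread_name)
    return m.group(1) if m else None

def hot_threads(top_text, dump_text, threshold=50.0):
    """Threads at or above threshold %CPU, busiest first, joined to the dump."""
    names = parse_jstack(dump_text)
    busy = sorted(((c, t) for t, c in parse_top_threads(top_text).items()
                   if c >= threshold), reverse=True)
    return [{"tid": t, "nid": hex(t), "cpu": c,
             "thread": names.get(t, "<not in dump>"),
             "tls": tls_impl(names.get(t, ""))} for c, t in busy]

if __name__ == "__main__":
    for row in hot_threads(TOP_H, JSTACK):
        print(row)
```

A busy thread reported as `<not in dump>` means the two captures were not taken close enough together; take the `top -H` sample and the thread dump back to back.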


[Bug 60030] Run away CPU with JSSE / OpenSSL with IE8

Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=60030

Remy Maucherat <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO

--- Comment #1 from Remy Maucherat <[hidden email]> ---
I had missed the thread dump: http://pastebin.com/n9Rkybwv

This is not using OpenSSL actually, just plain JSSE with OpenSSL PEMs (thread
names are "https-jsse-nio-8443-*", if it was using OpenSSL it would be
"https-openssl-nio-8443-*").
Like Christopher, I don't see any problem thread that would be using CPU in the
dump. Everything seems to be doing nothing and there are a few threads polling
as they should.

So when you're using a keystore for your certificate, you're not running into
this issue?


[Bug 60030] Run away CPU with JSSE / OpenSSL with IE8

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=60030

[hidden email] changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW

--- Comment #2 from [hidden email] ---
I was able to reproduce this on multiple machines (all Ubuntu; all Oracle Java
8) using 8.5.3 and I tried two certs and it always caused the high CPU
consumption.  Yes, I had the same issue after converting to a keystore as well.
I tried the same exact setup on 8.0.36 and everything worked as expected.  For
the time being, I've rolled back to 8.0.36, but would be more than happy to
provide any additional information, as it is simple to replicate.


[Bug 60030] Run away CPU with JSSE / OpenSSL with IE8

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=60030

Mark Thomas <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #3 from Mark Thomas <[hidden email]> ---
This has been fixed in the following branches:
- 9.0.x for 9.0.0.M10 onwards
- 8.5.x for 8.5.5 onwards

8.0.x and earlier are not affected as they do not support SNI.


[Bug 60030] Run away CPU with JSSE / OpenSSL with IE8

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=60030

Remy Maucherat <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]

--- Comment #4 from Remy Maucherat <[hidden email]> ---
*** Bug 61089 has been marked as a duplicate of this bug. ***


Re: [Bug 60030] Run away CPU with JSSE / OpenSSL with IE8

markt
On 27/06/2019 05:26, [hidden email] wrote:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=60030
>
> --- Comment #5 from redball12345671211 <[hidden email]> ---

Account disabled. Spam deleted.

Mark


Re: [Bug 60030] Run away CPU with JSSE / OpenSSL with IE8

markt
On 10/07/2020 07:42, [hidden email] wrote:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=60030
>
> kylivo <[hidden email]> changed:

Spam reverted and the account has been disabled.

Mark


[Bug 60030] Run away CPU with JSSE / OpenSSL with IE8

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=60030

Coty Sutherland <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|https://www.ayobisnis.info/ |


Re: [Bug 60030] Run away CPU with JSSE / OpenSSL with IE8

Felix Schumacher
On 10.08.20 at 09:55, [hidden email] wrote:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=60030
>
> --- Comment #7 from martina eye <[hidden email]> ---

Spam reverted and the account has been disabled.

 Felix



Re: [Bug 60030] Run away CPU with JSSE / OpenSSL with IE8

Felix Schumacher
In reply to this post by Bugzilla from bugzilla@apache.org
On 10.08.20 at 06:05, [hidden email] wrote:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=60030
>
> --- Comment #5 from aflaputrirohani <[hidden email]> ---

Spam reverted and the account has been disabled.

 Felix



Re: [Bug 60030] Run away CPU with JSSE / OpenSSL with IE8

Felix Schumacher
On 14.08.20 at 18:48, [hidden email] wrote:

> https://bz.apache.org/bugzilla/show_bug.cgi?id=60030
>
> MoNs <[hidden email]> changed:

Spam reverted and the account has been disabled.

 Felix



Re: [Bug 60030] Run away CPU with JSSE / OpenSSL with IE8

Felix Schumacher
In reply to this post by Bugzilla from bugzilla@apache.org

On 01.09.20 at 10:59, [hidden email] wrote:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=60030

Spam reverted and the account has been disabled.

 Felix

