Java 11 - Tomcat 8 - SSL

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Java 11 - Tomcat 8 - SSL

Justin Wilke
Hello,

Hitting kind of a dead end on my attempt to upgrade to java 11, it was suggested to me to reach out to this group.

We are currently running on Java 8, Tomcat 8.5.3 in prod. We are looking to upgrade to java 11.

Looking at http://tomcat.apache.org/whichversion.html - it seems like everything should run on java 8 or higher.

Trying to log into through https://myhost:8443<https://myhost:8443/> – I get the following in catalina:

05-Dec-2018 13:27:21.690 SEVERE https-jsse-nio2-8443-exec-4<https://jamfsoftware.atlassian.net/wiki/display/FU/https-jsse-nio2-8443-exec-4>org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor.doRun Error running socket processor
java.lang.ExceptionInInitializerError
at org.apache.tomcat.util.buf.ByteBufferUtils.<clinit>(ByteBufferUtils.java:38)
at org.apache.tomcat.util.net.SocketBufferHandler.expand(SocketBufferHandler.java:155)
at org.apache.tomcat.util.net.SecureNio2Channel.processSNI(SecureNio2Channel.java:381)
at org.apache.tomcat.util.net.SecureNio2Channel.handshakeInternal(SecureNio2Channel.java:213)
at org.apache.tomcat.util.net.SecureNio2Channel.handshake(SecureNio2Channel.java:204)
at org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor.doRun(Nio2Endpoint.java:1605)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
at org.apache.tomcat.util.net.AbstractEndpoint.processSocket(AbstractEndpoint.java:803)
at org.apache.tomcat.util.net.SecureNio2Channel$HandshakeReadCompletionHandler.completed(SecureNio2Channel.java:98)
at org.apache.tomcat.util.net.SecureNio2Channel$HandshakeReadCompletionHandler.completed(SecureNio2Channel.java:91)
at java.base/sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:127)
at java.base/sun.nio.ch.Invoker$2.run(Invoker.java:219)
at java.base/sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.lang.IllegalAccessException: class org.apache.tomcat.util.buf.ByteBufferUtils cannot access class jdk.internal.ref.Cleaner (in module java.base) because module java.base does not export jdk.internal.ref to unnamed module @51399530
at java.base/jdk.internal.reflect.Reflection.newIllegalAccessException(Reflection.java:361)
at java.base/java.lang.reflect.AccessibleObject.checkAccess(AccessibleObject.java:591)
at java.base/java.lang.reflect.Method.invoke(Method.java:558)
at org.apache.tomcat.util.buf.ByteBufferUtils.<clinit>(ByteBufferUtils.java:35)
... 16 more

05-Dec-2018 13:27:21.690 SEVERE https-jsse-nio2-8443-exec-3<https://jamfsoftware.atlassian.net/wiki/display/FU/https-jsse-nio2-8443-exec-3>org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor.doRun Error running socket processor
java.lang.NoClassDefFoundError: Could not initialize class org.apache.tomcat.util.buf.ByteBufferUtils
at org.apache.tomcat.util.net.SocketBufferHandler.expand(SocketBufferHandler.java:155)
at org.apache.tomcat.util.net.SecureNio2Channel.processSNI(SecureNio2Channel.java:381)
at org.apache.tomcat.util.net.SecureNio2Channel.handshakeInternal(SecureNio2Channel.java:213)
at org.apache.tomcat.util.net.SecureNio2Channel.handshake(SecureNio2Channel.java:204)
at org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor.doRun(Nio2Endpoint.java:1605)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
at org.apache.tomcat.util.net.AbstractEndpoint.processSocket(AbstractEndpoint.java:803)
at org.apache.tomcat.util.net.SecureNio2Channel$HandshakeReadCompletionHandler.completed(SecureNio2Channel.java:98)
at org.apache.tomcat.util.net.SecureNio2Channel$HandshakeReadCompletionHandler.completed(SecureNio2Channel.java:91)
at java.base/sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:127)
at java.base/sun.nio.ch.Invoker$2.run(Invoker.java:219)
at java.base/sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)

05-Dec-2018 13:27:21.696 SEVERE https-jsse-nio2-8443-exec-6<https://jamfsoftware.atlassian.net/wiki/display/FU/https-jsse-nio2-8443-exec-6>org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor.doRun Error running socket processor
java.lang.NoClassDefFoundError: Could not initialize class org.apache.tomcat.util.buf.ByteBufferUtils
at org.apache.tomcat.util.net.SocketBufferHandler.expand(SocketBufferHandler.java:155)
at org.apache.tomcat.util.net.SecureNio2Channel.processSNI(SecureNio2Channel.java:381)
at org.apache.tomcat.util.net.SecureNio2Channel.handshakeInternal(SecureNio2Channel.java:213)
at org.apache.tomcat.util.net.SecureNio2Channel.handshake(SecureNio2Channel.java:204)
at org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor.doRun(Nio2Endpoint.java:1605)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
at org.apache.tomcat.util.net.AbstractEndpoint.processSocket(AbstractEndpoint.java:803)
at org.apache.tomcat.util.net.SecureNio2Channel$HandshakeReadCompletionHandler.completed(SecureNio2Channel.java:98)
at org.apache.tomcat.util.net.SecureNio2Channel$HandshakeReadCompletionHandler.completed(SecureNio2Channel.java:91)
at java.base/sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:127)
at java.base/sun.nio.ch.Invoker$2.run(Invoker.java:219)
at java.base/sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)

Chrome displays:

This site can’t provide a secure connection
Unknown macro: {myhost name}

sent an invalid response.
ERR_SSL_PROTOCOL_ERROR

With no code changes – and running on 9.0.13 – with the same SSL config in server.xml – I am able to log in fine.

Are there known issues with with tomcat 8, Java 11 and SSL? Is upgrading to tomcat 9 necessary?

Please let me know if I can provide any more information

Thanks!
-Justin

Reply | Threaded
Open this post in threaded view
|

Re: Java 11 - Tomcat 8 - SSL

markt
On 05/12/2018 21:30, Justin Wilke wrote:
> Hello,
>
> Hitting kind of a dead end on my attempt to upgrade to java 11, it was suggested to me to reach out to this group.
>
> We are currently running on Java 8, Tomcat 8.5.3 in prod. We are looking to upgrade to java 11.

8.5.3 is over 2 years old and pre-dates Java 11 by quite some way. If
you use the latest 8.5.x you should be fine.

You should also review the known vulnerabilities in 8.5.x:

http://tomcat.apache.org/security-8.html

> Looking at http://tomcat.apache.org/whichversion.html - it seems like everything should run on java 8 or higher.
>
> Trying to log into through https://myhost:8443<https://myhost:8443/> – I get the following in catalina:
>
> 05-Dec-2018 13:27:21.690 SEVERE https-jsse-nio2-8443-exec-4<https://jamfsoftware.atlassian.net/wiki/display/FU/https-jsse-nio2-8443-exec-4>org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor.doRun Error running socket processor
> java.lang.ExceptionInInitializerError
> at org.apache.tomcat.util.buf.ByteBufferUtils.<clinit>(ByteBufferUtils.java:38)
> at org.apache.tomcat.util.net.SocketBufferHandler.expand(SocketBufferHandler.java:155)
> at org.apache.tomcat.util.net.SecureNio2Channel.processSNI(SecureNio2Channel.java:381)
> at org.apache.tomcat.util.net.SecureNio2Channel.handshakeInternal(SecureNio2Channel.java:213)
> at org.apache.tomcat.util.net.SecureNio2Channel.handshake(SecureNio2Channel.java:204)
> at org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor.doRun(Nio2Endpoint.java:1605)
> at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
> at org.apache.tomcat.util.net.AbstractEndpoint.processSocket(AbstractEndpoint.java:803)
> at org.apache.tomcat.util.net.SecureNio2Channel$HandshakeReadCompletionHandler.completed(SecureNio2Channel.java:98)
> at org.apache.tomcat.util.net.SecureNio2Channel$HandshakeReadCompletionHandler.completed(SecureNio2Channel.java:91)
> at java.base/sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:127)
> at java.base/sun.nio.ch.Invoker$2.run(Invoker.java:219)
> at java.base/sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
> at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
> at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> at java.base/java.lang.Thread.run(Thread.java:834)
> Caused by: java.lang.IllegalAccessException: class org.apache.tomcat.util.buf.ByteBufferUtils cannot access class jdk.internal.ref.Cleaner (in module java.base) because module java.base does not export jdk.internal.ref to unnamed module @51399530

<snip/>

That is Java 9 compatibility of the ByteBuffer cleaner which the
changelog says was fixed in 8.5.6 (released over 2 years ago).

> Chrome displays:
>
> This site can’t provide a secure connection
> Unknown macro: {myhost name}
>
> sent an invalid response.
> ERR_SSL_PROTOCOL_ERROR
>
> With no code changes – and running on 9.0.13 – with the same SSL config in server.xml – I am able to log in fine.
>
> Are there known issues with with tomcat 8, Java 11 and SSL? Is upgrading to tomcat 9 necessary?

It is not surprising that you see Java 9 related errors with a version
Tomcat 8 released several months before Java 9 was GA. Update to a more
recent 8.5.x release - ideally the latest - and you should be fine.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]