-
Bug
-
Resolution: Won't Do
-
Minor
-
None
-
JWS 5.0_RHEL ER1
-
None
-
None
Tomcat
Tomcat log
hudson@rhel7GAx86-64:/opt/noe-tests$ /usr/java/latest//bin/java -Djavax.net.debug=ssl -Djava.util.logging.config.file=/tmp/mod_cluster-ts/jws-5.0/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Xms512m -Xmx512m -Djava.net.preferIPv4Stack=true -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Djava.library.path=/tmp/mod_cluster-ts/jws-5.0/tomcat/lib -Dorg.apache.catalina.security.SecurityListener.UMASK=0027 -Xms128m -Xmx128m -Djava.net.preferIPv4Stack=true -Djavax.net.debug=ssl -Djava.security.egd=file:/dev/./urandom -Dignore.endorsed.dirs= -classpath /tmp/mod_cluster-ts/jws-5.0/tomcat/bin/bootstrap.jar:/tmp/mod_cluster-ts/jws-5.0/tomcat/bin/tomcat-juli.jar -Dcatalina.base=/tmp/mod_cluster-ts/jws-5.0/tomcat -Dcatalina.home=/tmp/mod_cluster-ts/jws-5.0/tomcat -Djava.io.tmpdir=/tmp/mod_cluster-ts/jws-5.0/tomcat/temp org.apache.catalina.startup.Bootstrap 1457157012 start
usage: java org.apache.catalina.startup.Catalina [ -config {pathname} ] [ -nonaming ] { -help | start | stop }
29-May-2018 10:58:24.983 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version: Apache Tomcat/9.0.7.redhat-2
29-May-2018 10:58:24.985 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built: May 1 2018 12:59:02 UTC
29-May-2018 10:58:24.985 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server number: 9.0.7.0
29-May-2018 10:58:24.985 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name: Linux
29-May-2018 10:58:24.985 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version: 3.10.0-862.el7.x86_64
29-May-2018 10:58:24.985 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture: amd64
29-May-2018 10:58:24.985 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home: /usr/java/jdk1.8.0_121/jre
29-May-2018 10:58:24.985 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version: 1.8.0_121-b13
29-May-2018 10:58:24.985 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor: Oracle Corporation
29-May-2018 10:58:24.985 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE: /tmp/mod_cluster-ts/jws-5.0/tomcat
29-May-2018 10:58:24.985 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME: /tmp/mod_cluster-ts/jws-5.0/tomcat
29-May-2018 10:58:24.986 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djavax.net.debug=ssl
29-May-2018 10:58:24.986 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/tmp/mod_cluster-ts/jws-5.0/tomcat/conf/logging.properties
29-May-2018 10:58:24.986 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
29-May-2018 10:58:24.986 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Xms512m
29-May-2018 10:58:24.986 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Xmx512m
29-May-2018 10:58:24.986 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.net.preferIPv4Stack=true
29-May-2018 10:58:24.986 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
29-May-2018 10:58:24.987 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
29-May-2018 10:58:24.987 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.library.path=/tmp/mod_cluster-ts/jws-5.0/tomcat/lib
29-May-2018 10:58:24.987 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=0027
29-May-2018 10:58:24.987 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Xms128m
29-May-2018 10:58:24.987 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Xmx128m
29-May-2018 10:58:24.987 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.net.preferIPv4Stack=true
29-May-2018 10:58:24.987 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djavax.net.debug=ssl
29-May-2018 10:58:24.987 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.security.egd=file:/dev/./urandom
29-May-2018 10:58:24.987 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs=
29-May-2018 10:58:24.987 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/tmp/mod_cluster-ts/jws-5.0/tomcat
29-May-2018 10:58:24.987 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/tmp/mod_cluster-ts/jws-5.0/tomcat
29-May-2018 10:58:24.987 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/tmp/mod_cluster-ts/jws-5.0/tomcat/temp
29-May-2018 10:58:24.988 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR based Apache Tomcat Native library [1.2.16] using APR version [1.6.3].
29-May-2018 10:58:24.988 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
29-May-2018 10:58:24.988 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [true], useOpenSSL [true]
29-May-2018 10:58:24.991 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.0.2n 7 Dec 2017]
29-May-2018 10:58:25.101 INFO [main] org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol The ["https-openssl-apr-127.0.0.1-8443"] connector has been configured to support negotiation to [h2] via ALPN
29-May-2018 10:58:25.101 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-apr-127.0.0.1-8443"]
29-May-2018 10:58:25.163 INFO [main] org.jboss.modcluster.ModClusterService.init MODCLUSTER000001: Initializing mod_cluster version 1.4.0.Final-redhat-1
29-May-2018 10:58:25.173 INFO [main] org.jboss.modcluster.advertise.impl.AdvertiseListenerImpl.start MODCLUSTER000032: Listening to proxy advertisements on /224.0.5.172:62763
29-May-2018 10:58:25.174 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 598 ms
29-May-2018 10:58:25.197 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
29-May-2018 10:58:25.198 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet Engine: Apache Tomcat/9.0.7.redhat-2
29-May-2018 10:58:25.218 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/tmp/mod_cluster-ts/jws-5.0/tomcat/webapps/clusterbench.war]
29-May-2018 10:58:25.595 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
29-May-2018 10:58:25.622 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/tmp/mod_cluster-ts/jws-5.0/tomcat/webapps/clusterbench.war] has finished in [404] ms
29-May-2018 10:58:25.623 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/tmp/mod_cluster-ts/jws-5.0/tomcat/webapps/ROOT]
29-May-2018 10:58:25.705 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
29-May-2018 10:58:25.707 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/tmp/mod_cluster-ts/jws-5.0/tomcat/webapps/ROOT] has finished in [84] ms
29-May-2018 10:58:25.707 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/tmp/mod_cluster-ts/jws-5.0/tomcat/webapps/host-manager]
29-May-2018 10:58:25.784 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
29-May-2018 10:58:25.788 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/tmp/mod_cluster-ts/jws-5.0/tomcat/webapps/host-manager] has finished in [81] ms
29-May-2018 10:58:25.788 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/tmp/mod_cluster-ts/jws-5.0/tomcat/webapps/manager]
29-May-2018 10:58:25.846 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
29-May-2018 10:58:25.849 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/tmp/mod_cluster-ts/jws-5.0/tomcat/webapps/manager] has finished in [60] ms
29-May-2018 10:58:25.849 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/tmp/mod_cluster-ts/jws-5.0/tomcat/webapps/docs]
29-May-2018 10:58:25.896 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
29-May-2018 10:58:25.898 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/tmp/mod_cluster-ts/jws-5.0/tomcat/webapps/docs] has finished in [49] ms
29-May-2018 10:58:25.898 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/tmp/mod_cluster-ts/jws-5.0/tomcat/webapps/examples]
29-May-2018 10:58:26.017 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
29-May-2018 10:58:26.020 INFO [main] org.apache.catalina.core.ApplicationContext.log ContextListener: contextInitialized()
29-May-2018 10:58:26.020 INFO [main] org.apache.catalina.core.ApplicationContext.log SessionListener: contextInitialized()
29-May-2018 10:58:26.021 INFO [main] org.apache.catalina.core.ApplicationContext.log ContextListener: attributeAdded('StockTicker', 'async.Stockticker@7a55f148')
29-May-2018 10:58:26.025 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/tmp/mod_cluster-ts/jws-5.0/tomcat/webapps/examples] has finished in [126] ms
29-May-2018 10:58:26.027 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-openssl-apr-127.0.0.1-8443"]
29-May-2018 10:58:26.039 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 864 ms
29-May-2018 10:58:36.171 FINE [https-openssl-apr-127.0.0.1-8443-exec-1] org.apache.coyote.AbstractProtocol$ConnectionHandler.process Processing socket [140,576,494,194,272] with status [OPEN_READ]
29-May-2018 10:58:36.171 FINE [https-openssl-apr-127.0.0.1-8443-exec-1] org.apache.coyote.AbstractProtocol$ConnectionHandler.process Found processor [null] for socket [140,576,494,194,272]
29-May-2018 10:58:36.189 FINE [https-openssl-apr-127.0.0.1-8443-exec-1] org.apache.coyote.http2.ConnectionSettingsBase.set Connection [0], Parameter type [3] set to [200]
29-May-2018 10:58:36.190 FINE [https-openssl-apr-127.0.0.1-8443-exec-1] org.apache.coyote.http2.ConnectionSettingsBase.set Connection [0], Parameter type [4] set to [65535]
29-May-2018 10:58:36.193 FINE [https-openssl-apr-127.0.0.1-8443-exec-1] org.apache.coyote.http2.Http2UpgradeHandler.upgradeDispatch Entry, Connection [0], SocketStatus [OPEN_READ]
29-May-2018 10:58:36.193 FINE [https-openssl-apr-127.0.0.1-8443-exec-1] org.apache.coyote.http2.Http2UpgradeHandler.init Connection [0], State [NEW]
29-May-2018 10:58:36.200 FINE [https-openssl-apr-127.0.0.1-8443-exec-1] org.apache.coyote.http2.Http2Parser.validateFrame Connection [0], Stream [0], Frame type [SETTINGS], Flags [0], Payload size [18]
29-May-2018 10:58:36.201 FINE [https-openssl-apr-127.0.0.1-8443-exec-1] org.apache.coyote.http2.ConnectionSettingsBase.set Connection [0], Parameter type [3] set to [100]
29-May-2018 10:58:36.201 FINE [https-openssl-apr-127.0.0.1-8443-exec-1] org.apache.coyote.http2.ConnectionSettingsBase.set Connection [0], Parameter type [4] set to [1073741824]
29-May-2018 10:58:36.201 FINE [https-openssl-apr-127.0.0.1-8443-exec-1] org.apache.coyote.http2.ConnectionSettingsBase.set Connection [0], Parameter type [2] set to [0]
29-May-2018 10:58:36.201 FINE [https-openssl-apr-127.0.0.1-8443-exec-1] org.apache.coyote.http2.Http2UpgradeHandler.init Connection [0], Connection preface received from client
29-May-2018 10:58:36.202 FINE [https-openssl-apr-127.0.0.1-8443-exec-1] org.apache.coyote.http2.Http2Parser.validateFrame Connection [0], Stream [0], Frame type [WINDOW_UPDATE], Flags [0], Payload size [4]
29-May-2018 10:58:36.202 FINE [https-openssl-apr-127.0.0.1-8443-exec-1] org.apache.coyote.http2.Http2Parser.readWindowUpdateFrame Connection [0], Stream [0], Window size increment [1073676289]
29-May-2018 10:58:36.202 FINE [https-openssl-apr-127.0.0.1-8443-exec-1] org.apache.coyote.http2.AbstractStream.incrementWindowSize Connection [0], Stream [0], increase flow control window by [1073676289] to [1073741824]
29-May-2018 10:58:36.202 FINE [https-openssl-apr-127.0.0.1-8443-exec-1] org.apache.coyote.http2.Http2Parser.validateFrame Connection [0], Stream [1], Frame type [HEADERS], Flags [5], Payload size [40]
29-May-2018 10:58:36.216 FINE [https-openssl-apr-127.0.0.1-8443-exec-1] org.apache.coyote.http2.StreamStateMachine.stateChange Connection [0], Stream [1], State changed from [null] to [IDLE]
29-May-2018 10:58:36.221 FINE [https-openssl-apr-127.0.0.1-8443-exec-1] org.apache.coyote.http2.StreamStateMachine.stateChange Connection [0], Stream [1], State changed from [IDLE] to [OPEN]
29-May-2018 10:58:36.221 FINE [https-openssl-apr-127.0.0.1-8443-exec-1] org.apache.coyote.http2.Http2Parser.readHeaderPayload Connection [0], Stream [1], Processing headers payload size [40]
29-May-2018 10:58:36.222 FINE [https-openssl-apr-127.0.0.1-8443-exec-1] org.apache.coyote.http2.Stream.emitHeader Connection [0], Stream [1], HTTP header [:method], Value [GET]
29-May-2018 10:58:36.222 FINE [https-openssl-apr-127.0.0.1-8443-exec-1] org.apache.coyote.http2.Stream.emitHeader Connection [0], Stream [1], HTTP header [:path], Value [/]
29-May-2018 10:58:36.223 FINE [https-openssl-apr-127.0.0.1-8443-exec-1] org.apache.coyote.http2.Stream.emitHeader Connection [0], Stream [1], HTTP header [:scheme], Value [https]
29-May-2018 10:58:36.226 FINE [https-openssl-apr-127.0.0.1-8443-exec-1] org.apache.coyote.http2.Stream.emitHeader Connection [0], Stream [1], HTTP header [:authority], Value [node1_javaserver:8443]
29-May-2018 10:58:36.231 FINE [https-openssl-apr-127.0.0.1-8443-exec-1] org.apache.coyote.http2.Http2UpgradeHandler.upgradeDispatch Connection error
org.apache.coyote.http2.ConnectionException: There was an error during the HPACK decoding of HTTP headers
at org.apache.coyote.http2.Http2Parser.readHeaderPayload(Http2Parser.java:477)
at org.apache.coyote.http2.Http2Parser.readHeadersFrame(Http2Parser.java:267)
at org.apache.coyote.http2.Http2Parser.readFrame(Http2Parser.java:97)
at org.apache.coyote.http2.Http2Parser.readFrame(Http2Parser.java:69)
at org.apache.coyote.http2.Http2UpgradeHandler.upgradeDispatch(Http2UpgradeHandler.java:316)
at org.apache.coyote.http11.upgrade.UpgradeProcessorInternal.dispatch(UpgradeProcessorInternal.java:54)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:53)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:754)
at org.apache.tomcat.util.net.AprEndpoint$SocketWithOptionsProcessor.run(AprEndpoint.java:2269)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.coyote.http2.HpackException: Connection [0], Stream [1], The header [:authority] contained invalid date [node1_javaserver:8443]
at org.apache.coyote.http2.Stream.emitHeader(Stream.java:334)
at org.apache.coyote.http2.HpackDecoder.emitHeader(HpackDecoder.java:430)
at org.apache.coyote.http2.HpackDecoder.decode(HpackDecoder.java:124)
at org.apache.coyote.http2.Http2Parser.readHeaderPayload(Http2Parser.java:474)
... 12 more
29-May-2018 10:58:36.233 FINE [https-openssl-apr-127.0.0.1-8443-exec-1] org.apache.coyote.http2.Stream.receiveReset Connection [0], Stream [1], Reset received due to [8]
29-May-2018 10:58:36.233 FINE [https-openssl-apr-127.0.0.1-8443-exec-1] org.apache.coyote.http2.StreamStateMachine.stateChange Connection [0], Stream [1], State changed from [OPEN] to [CLOSED_RST_RX]
29-May-2018 10:58:36.238 FINE [https-openssl-apr-127.0.0.1-8443-exec-1] org.apache.coyote.http2.Http2UpgradeHandler.upgradeDispatch Exit, Connection [0], SocketState [CLOSED]
29-May-2018 10:58:36.238 FINE [https-openssl-apr-127.0.0.1-8443-exec-1] org.apache.coyote.AbstractProcessorLight.process Socket: [org.apache.tomcat.util.net.AprEndpoint$AprSocketWrapper@6abad06f:140576494194272], Status in: [OPEN_READ], State out: [CLOSED]
Tomcat conf
<?xml version="1.0" encoding="UTF-8"?><Server port="8005" shutdown="SHUTDOWN"> <Listener className="org.apache.catalina.startup.VersionLoggerListener"/> <!-- TODO:add those to slurper: --> <Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener" useAprConnector="true" SSLRandomSeed="/dev/urandom"/> <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/> <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/> <GlobalNamingResources> <Resource factory="org.apache.catalina.users.MemoryUserDatabaseFactory" auth="Container" name="UserDatabase" description="User database that can be updated and saved" type="org.apache.catalina.UserDatabase" pathname="conf/tomcat-users.xml"/> </GlobalNamingResources> <Service name="Catalina"> <Engine defaultHost="node1_javaserver" name="Catalina" jvmRoute="tomcat-9-1"> <Realm className="org.apache.catalina.realm.LockOutRealm"> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/> </Realm> <Host autoDeploy="true" appBase="webapps" name="node1_javaserver" unpackWARs="true"> <Valve prefix="node1_javaserver_access_log" pattern="%h %l %u %t "%r" %s %b" className="org.apache.catalina.valves.AccessLogValve" suffix=".txt" directory="logs"/> </Host> </Engine> <Connector protocol="org.apache.coyote.http11.Http11AprProtocol" address="node1_javaserver" scheme="https" SSLEnabled="true" port="8443" defaultSSLHostConfigName="node1_javaserver" secure="true" maxThreads="150" SSLCACertificateFile="/opt/noe-tests/resources/ssl/proper/generated/ca/intermediate/certs/ca-chain.cert.pem" SSLCertificateFile="/opt/noe-tests/resources/ssl/proper/generated/ca/intermediate/certs/node1_server.cert.pem" SSLCertificateKeyFile="/opt/noe-tests/resources/ssl/proper/generated/ca/intermediate/private/node1_server.key.pem" SSLPassword="testpass" SSLVerifyClient="required" SSLProtocol="TLSv1.2" > <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> <!-- caCertificateFile="/opt/noe-tests/resources/ssl/proper/generated/ca/intermediate/certs/ca-chain.cert.pem" certificateChainFile="/opt/noe-tests/resources/ssl/proper/generated/ca/intermediate/csr/node1_server.csr.pem" certificateKeyFile="/opt/noe-tests/resources/ssl/proper/generated/ca/intermediate/private/node1_server.key.pem" certificateFile="/opt/noe-tests/resources/ssl/proper/generated/ca/intermediate/certs/node1_server.cert.pem" --> <!-- <SSLHostConfig hostName="node1_javaserver" caCertificateFile="/opt/noe-tests/resources/ssl/proper/generated/ca/certs/ca.cert.pem" ciphers="HIGH !MEDIUM !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS" protocols="TLSv1.2" certificateVerificationDepth="5" certificateVerification="true"> <Certificate certificateKeyPassword="testpass" certificateChainFile="/opt/noe-tests/resources/ssl/proper/generated/ca/intermediate/certs/ca-chain.cert.pem" certificateKeyFile="/opt/noe-tests/resources/ssl/proper/generated/ca/intermediate/private/node1_server.key.pem" certificateFile="/opt/noe-tests/resources/ssl/proper/generated/ca/intermediate/certs/node1_server.cert.pem" type="RSA"/> </SSLHostConfig> --> </Connector> </Service> <Listener loadMetricCapacity="1" loadHistory="9" sslKeyStore="/opt/noe-tests/resources/ssl/proper/generated/ca/intermediate/keystores/node1_client.keystore.jks" sslKeyStoreType="JKS" className="org.jboss.modcluster.container.catalina.standalone.ModClusterListener" sslTrustStoreType="JKS" autoEnableContexts="true" stickySessionForce="false" connectorPort="8443" stickySession="true" ssl="true" stickySessionRemove="true" sslKeyStorePassword="tomcat" loadDecayFactor="2" sslTrustStore="/opt/noe-tests/resources/ssl/proper/generated/ca/intermediate/keystores/ca-chain.keystore.jks" loadMetricClass="org.jboss.modcluster.load.metric.impl.BusyConnectorsLoadMetric" sslTrustStorePassword="tomcat" advertisePort="62763" advertiseInterface="node1_javaserver" sslProtocol="TLSv1.2" sslKeyAlias="javaclient" advertise="true" advertiseGroupAddress="224.0.5.172"/> </Server>
Curl - client
Build
Curl: built from sources, HEAD:5005ade2, https://github.com/curl/curl.git curl version: 7.61.0-DEV Host setup: x86_64-unknown-linux-gnu Install prefix: /usr/local Compiler: gcc SSL support: enabled (OpenSSL) SSH support: no (--with-libssh2) zlib support: enabled brotli support: no (--with-brotli) GSS-API support: no (--with-gssapi) TLS-SRP support: no (--enable-tls-srp) resolver: POSIX threaded IPv6 support: enabled Unix sockets support: enabled IDN support: enabled (libidn2) Build libcurl: Shared=yes, Static=yes Built-in manual: enabled --libcurl option: enabled (--disable-libcurl-option) Verbose errors: enabled (--disable-verbose) SSPI support: no (--enable-sspi) ca cert bundle: /etc/pki/tls/certs/ca-bundle.crt ca cert path: no ca fallback: no LDAP support: enabled (OpenLDAP) LDAPS support: enabled RTSP support: enabled RTMP support: no (--with-librtmp) metalink support: no (--with-libmetalink) PSL support: yes HTTP2 support: enabled (nghttp2) Protocols: DICT FILE FTP FTPS GOPHER HTTP HTTPS IMAP IMAPS LDAP LDAPS POP3 POP3S RTSP SMB SMBS SMTP SMTPS TELNET TFTP
Curl - client log
See curl.trace.log
Short version:
hudson@rhel7GAx86-64:~/curl (master=)$ curl https://node1_javaserver:8443/ -i -v --tlsv1.2 --http2 --ciphers HIGH --cert-type PEM --ssl-no-revoke --cert /opt/noe-tests/resources/ssl/proper/generated/ca/intermediate/certs/node1_client.cert.pem --key /opt/noe-tests/resources/ssl/proper/generated/ca/intermediate/private/node1_client.key.pem --cacert /opt/noe-tests/resources/ssl/proper/generated/ca/intermediate/certs/ca-chain.cert.pem --pass testpass * Trying 127.0.0.1... * TCP_NODELAY set * Connected to node1_javaserver (127.0.0.1) port 8443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * Cipher selection: HIGH * successfully set certificate verify locations: * CAfile: /opt/noe-tests/resources/ssl/proper/generated/ca/intermediate/certs/ca-chain.cert.pem CApath: none * TLSv1.2 (OUT), TLS header, Certificate Status (22): * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Request CERT (13): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Certificate (11): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS handshake, CERT verify (15): * TLSv1.2 (OUT), TLS change cipher, Client hello (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS change cipher, Client hello (1): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN, server accepted to use h2 * Server certificate: * subject: C=CZ; ST=Czech Republic; L=Brno; O=Red Hat Czech, s.r.o.; OU=EAP QE; CN=node1_javaserver; emailAddress=jkasik@redhat.com * start date: Apr 5 09:56:22 2018 GMT * expire date: Apr 2 09:56:22 2028 GMT * common name: node1_javaserver (matched) * issuer: C=CZ; ST=Czech Republic; O=Red Hat Czech, s.r.o.; OU=EAP QE; CN=intermediate_mod_cluster_test_certificate; emailAddress=jkasik@redhat.com * SSL certificate verify ok. * Using HTTP2, server supports multi-use * Connection state changed (HTTP/2 confirmed) * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 * Using Stream ID: 1 (easy handle 0x15ec380) > GET / HTTP/2 > Host: node1_javaserver:8443 > User-Agent: curl/7.61.0-DEV > Accept: */* > * Connection state changed (MAX_CONCURRENT_STREAMS == 200)! * Connection #0 to host node1_javaserver left intact curl: (16) Error in the HTTP2 framing layer
Certificates and keys
See certs.zip
