Here is the trace occurs with Http2 true and false. Issue seems to be
javax.net.ssl.SSLException: Inbound closed before receiving peer's
close_notify: possible truncation attack?
2016-12-10 11:03:03.669 [XNIO-1 Accept] TRACE org.xnio.nio.selector -
Selected on sun.nio.ch.KQueueSelectorImpl@342f8479
2016-12-10 11:03:03.670 [XNIO-1 Accept] TRACE org.xnio.nio.selector -
Selected key sun.nio.ch.SelectionKeyImpl@611889f4 for
sun.nio.ch.ServerSocketChannelImpl[/127.0.0.1:8443]
2016-12-10 11:03:03.670 [XNIO-1 I/O-4] TRACE org.xnio.nio.selector -
Selected on sun.nio.ch.KQueueSelectorImpl@5c0faa95
2016-12-10 11:03:03.670 [XNIO-1 Accept] TRACE org.xnio.nio.selector -
Beginning select on sun.nio.ch.KQueueSelectorImpl@342f8479
2016-12-10 11:03:03.670 [XNIO-1 I/O-4] TRACE org.xnio.nio - Running task
org.xnio.nio.QueuedNioTcpServer$1@52c85f64
2016-12-10 11:03:03.670 [XNIO-1 Accept] TRACE org.xnio.nio.selector -
Selected on sun.nio.ch.KQueueSelectorImpl@342f8479
2016-12-10 11:03:03.671 [XNIO-1 I/O-4] TRACE org.xnio.listener - Invoking
listener Delegating channel listener -> Accepting listener for
io.undertow.server.protocol.http.HttpOpenListener@56f7c1e5 on channel TCP
server (NIO) <13f5555f>
2016-12-10 11:03:03.671 [XNIO-1 Accept] TRACE org.xnio.nio.selector -
Selected key sun.nio.ch.SelectionKeyImpl@611889f4 for
sun.nio.ch.ServerSocketChannelImpl[/127.0.0.1:8443]
2016-12-10 11:03:03.671 [XNIO-1 I/O-4] TRACE org.xnio.listener - Invoking
listener Accepting listener for
io.undertow.server.protocol.http.HttpOpenListener@56f7c1e5 on channel
io.undertow.protocols.ssl.UndertowAcceptingSslChannel@328f1eb6
2016-12-10 11:03:03.671 [XNIO-1 Accept] TRACE org.xnio.nio.selector -
Beginning select on sun.nio.ch.KQueueSelectorImpl@342f8479
2016-12-10 11:03:03.674 [XNIO-1 I/O-4] TRACE org.xnio.listener - Invoking
listener io.undertow.server.protocol.http.HttpOpenListener@56f7c1e5 on
channel io.undertow.protocols.ssl.UndertowSslConnection@53f69e92
2016-12-10 11:03:03.675 [XNIO-1 I/O-2] TRACE org.xnio.nio.selector -
Selected on sun.nio.ch.KQueueSelectorImpl@49c6180b
2016-12-10 11:03:03.675 [XNIO-1 I/O-4] TRACE io.undertow.request - Opened
connection with /127.0.0.1:56854
2016-12-10 11:03:03.676 [XNIO-1 I/O-2] TRACE org.xnio.nio - Running task
org.xnio.nio.QueuedNioTcpServer$1@52c85f64
2016-12-10 11:03:03.681 [XNIO-1 I/O-4] TRACE org.xnio.nio.selector -
Beginning select on sun.nio.ch.KQueueSelectorImpl@5c0faa95 (with timeout)
2016-12-10 11:03:03.681 [XNIO-1 I/O-2] TRACE org.xnio.listener - Invoking
listener Delegating channel listener -> Accepting listener for
io.undertow.server.protocol.http.HttpOpenListener@56f7c1e5 on channel TCP
server (NIO) <13f5555f>
2016-12-10 11:03:03.683 [XNIO-1 I/O-2] TRACE org.xnio.listener - Invoking
listener Accepting listener for
io.undertow.server.protocol.http.HttpOpenListener@56f7c1e5 on channel
io.undertow.protocols.ssl.UndertowAcceptingSslChannel@328f1eb6
2016-12-10 11:03:03.685 [XNIO-1 I/O-4] TRACE org.xnio.nio.selector -
Selected on sun.nio.ch.KQueueSelectorImpl@5c0faa95
2016-12-10 11:03:03.688 [XNIO-1 I/O-2] TRACE org.xnio.listener - Invoking
listener io.undertow.server.protocol.http.HttpOpenListener@56f7c1e5 on
channel io.undertow.protocols.ssl.UndertowSslConnection@3ac7f450
2016-12-10 11:03:03.688 [XNIO-1 I/O-2] TRACE io.undertow.request - Opened
connection with /127.0.0.1:56856
2016-12-10 11:03:03.690 [XNIO-1 I/O-4] TRACE org.xnio.nio.selector -
Selected key sun.nio.ch.SelectionKeyImpl@673b2384 for
java.nio.channels.SocketChannel[connected local=/127.0.0.1:8443 remote=/
127.0.0.1:56854]
2016-12-10 11:03:03.691 [XNIO-1 I/O-2] TRACE org.xnio.nio.selector -
Beginning select on sun.nio.ch.KQueueSelectorImpl@49c6180b (with timeout)
2016-12-10 11:03:03.692 [XNIO-1 I/O-4] TRACE org.xnio.listener - Invoking
listener io.undertow.server.protocol.http.HttpReadListener@255c6481 on
channel org.xnio.conduits.ConduitStreamSourceChannel@1b4554ad
2016-12-10 11:03:03.692 [XNIO-1 I/O-4] TRACE org.xnio.nio.selector -
Beginning select on sun.nio.ch.KQueueSelectorImpl@5c0faa95 (with timeout)
2016-12-10 11:03:03.696 [XNIO-1 I/O-2] TRACE org.xnio.nio.selector -
Selected on sun.nio.ch.KQueueSelectorImpl@49c6180b
2016-12-10 11:03:03.696 [XNIO-1 I/O-4] TRACE org.xnio.nio.selector -
Selected on sun.nio.ch.KQueueSelectorImpl@5c0faa95
2016-12-10 11:03:03.696 [XNIO-1 I/O-2] TRACE org.xnio.nio - Running task
io.undertow.protocols.ssl.SslConduit$5$1@32b59207
2016-12-10 11:03:03.696 [XNIO-1 I/O-4] TRACE org.xnio.nio - Running task
io.undertow.protocols.ssl.SslConduit$5$1@7c204b59
2016-12-10 11:03:03.696 [XNIO-1 I/O-2] TRACE io.undertow.request.io -
Exception closing read side of SSL channel
javax.net.ssl.SSLException: Inbound closed before receiving peer's
close_notify: possible truncation attack?
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634)
at sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1561)
at
io.undertow.protocols.ssl.SslConduit.notifyReadClosed(SslConduit.java:612)
at io.undertow.protocols.ssl.SslConduit.closed(SslConduit.java:983)
at io.undertow.protocols.ssl.SslConduit.close(SslConduit.java:1078)
at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:799)
at io.undertow.protocols.ssl.SslConduit.doHandshake(SslConduit.java:645)
at io.undertow.protocols.ssl.SslConduit.access$900(SslConduit.java:63)
at io.undertow.protocols.ssl.SslConduit$5$1.run(SslConduit.java:1045)
at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:580)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:464)
2016-12-10 11:03:03.697 [XNIO-1 I/O-4] TRACE io.undertow.request.io -
Exception closing read side of SSL channel
javax.net.ssl.SSLException: Inbound closed before receiving peer's
close_notify: possible truncation attack?
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634)
at sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1561)
at
io.undertow.protocols.ssl.SslConduit.notifyReadClosed(SslConduit.java:612)
at io.undertow.protocols.ssl.SslConduit.closed(SslConduit.java:983)
at io.undertow.protocols.ssl.SslConduit.close(SslConduit.java:1078)
at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:799)
at io.undertow.protocols.ssl.SslConduit.doHandshake(SslConduit.java:645)
at io.undertow.protocols.ssl.SslConduit.access$900(SslConduit.java:63)
at io.undertow.protocols.ssl.SslConduit$5$1.run(SslConduit.java:1045)
at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:580)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:464)
2016-12-10 11:03:03.697 [XNIO-1 I/O-2] TRACE org.xnio.listener - Invoking
listener io.undertow.server.AbstractServerConnection$CloseSetter@55df2063
on channel io.undertow.protocols.ssl.UndertowSslConnection@3ac7f450
2016-12-10 11:03:03.698 [XNIO-1 I/O-4] TRACE org.xnio.listener - Invoking
listener io.undertow.server.AbstractServerConnection$CloseSetter@42277317
on channel io.undertow.protocols.ssl.UndertowSslConnection@53f69e92
2016-12-10 11:03:03.698 [XNIO-1 I/O-2] TRACE org.xnio.safe-close - Closing
resource org.xnio.nio.NioSocketStreamConnection@50bf3bfc
2016-12-10 11:03:03.698 [XNIO-1 I/O-4] TRACE org.xnio.safe-close - Closing
resource org.xnio.nio.NioSocketStreamConnection@4196fbe
2016-12-10 11:03:03.698 [XNIO-1 I/O-2] TRACE org.xnio.nio - Cancelling key
sun.nio.ch.SelectionKeyImpl@4805f11b of
java.nio.channels.SocketChannel[connected local=/127.0.0.1:8443 remote=/
127.0.0.1:56856] (same thread)
2016-12-10 11:03:03.698 [XNIO-1 I/O-4] TRACE org.xnio.nio - Cancelling key
sun.nio.ch.SelectionKeyImpl@673b2384 of
java.nio.channels.SocketChannel[connected local=/127.0.0.1:8443 remote=/
127.0.0.1:56854] (same thread)
2016-12-10 11:03:03.699 [XNIO-1 I/O-2] TRACE org.xnio.safe-close - Closing
resource io.undertow.protocols.ssl.UndertowSslConnection@3ac7f450
2016-12-10 11:03:03.699 [XNIO-1 Accept] TRACE org.xnio.nio.selector -
Selected on sun.nio.ch.KQueueSelectorImpl@342f8479
2016-12-10 11:03:03.699 [XNIO-1 I/O-4] TRACE org.xnio.safe-close - Closing
resource io.undertow.protocols.ssl.UndertowSslConnection@53f69e92
2016-12-10 11:03:03.699 [XNIO-1 Accept] TRACE org.xnio.nio - Running task
org.xnio.nio.QueuedNioTcpServer$2@1ce2a083
2016-12-10 11:03:03.699 [XNIO-1 I/O-2] TRACE org.xnio.nio - Running task
io.undertow.protocols.ssl.SslConduit$1@77593ca5
2016-12-10 11:03:03.700 [XNIO-1 I/O-4] TRACE org.xnio.nio - Running task
io.undertow.protocols.ssl.SslConduit$1@3548b3ac
2016-12-10 11:03:03.700 [XNIO-1 Accept] TRACE org.xnio.nio - Running task
org.xnio.nio.QueuedNioTcpServer$2@1ce2a083
2016-12-10 11:03:03.700 [XNIO-1 I/O-2] TRACE org.xnio.listener - Invoking
listener io.undertow.server.protocol.http.HttpReadListener@6962bde3 on
channel org.xnio.conduits.ConduitStreamSourceChannel@45125494
2016-12-10 11:03:03.700 [XNIO-1 I/O-4] TRACE org.xnio.listener - Invoking
listener io.undertow.server.protocol.http.HttpReadListener@255c6481 on
channel org.xnio.conduits.ConduitStreamSourceChannel@1b4554ad
2016-12-10 11:03:03.700 [XNIO-1 Accept] TRACE org.xnio.nio.selector -
Beginning select on sun.nio.ch.KQueueSelectorImpl@342f8479
2016-12-10 11:03:03.701 [XNIO-1 I/O-2] TRACE org.xnio.safe-close - Closing
resource io.undertow.server.protocol.http.HttpServerConnection@6cdbf711
2016-12-10 11:03:03.701 [XNIO-1 I/O-4] TRACE org.xnio.safe-close - Closing
resource io.undertow.server.protocol.http.HttpServerConnection@4bcc5cdf
2016-12-10 11:03:03.701 [XNIO-1 I/O-2] TRACE org.xnio.nio - Running task
io.undertow.protocols.ssl.SslConduit$2@52d9523b
2016-12-10 11:03:03.702 [XNIO-1 I/O-4] TRACE org.xnio.nio - Running task
io.undertow.protocols.ssl.SslConduit$2@320a217a
2016-12-10 11:03:03.702 [XNIO-1 I/O-2] TRACE org.xnio.nio.selector -
Beginning select on sun.nio.ch.KQueueSelectorImpl@49c6180b
2016-12-10 11:03:03.702 [XNIO-1 I/O-4] TRACE org.xnio.nio.selector -
Beginning select on sun.nio.ch.KQueueSelectorImpl@5c0faa95
2016-12-10 11:03:03.714 [XNIO-1 Accept] TRACE org.xnio.nio.selector -
Selected on sun.nio.ch.KQueueSelectorImpl@342f8479
2016-12-10 11:03:03.715 [XNIO-1 Accept] TRACE org.xnio.nio.selector -
Selected key sun.nio.ch.SelectionKeyImpl@611889f4 for
sun.nio.ch.ServerSocketChannelImpl[/127.0.0.1:8443]
2016-12-10 11:03:03.716 [XNIO-1 Accept] TRACE org.xnio.nio.selector -
Beginning select on sun.nio.ch.KQueueSelectorImpl@342f8479
2016-12-10 11:03:03.717 [XNIO-1 I/O-4] TRACE org.xnio.nio.selector -
Selected on sun.nio.ch.KQueueSelectorImpl@5c0faa95
2016-12-10 11:03:03.718 [XNIO-1 I/O-4] TRACE org.xnio.nio - Running task
org.xnio.nio.QueuedNioTcpServer$1@52c85f64
2016-12-10 11:03:03.719 [XNIO-1 I/O-4] TRACE org.xnio.listener - Invoking
listener Delegating channel listener -> Accepting listener for
io.undertow.server.protocol.http.HttpOpenListener@56f7c1e5 on channel TCP
server (NIO) <13f5555f>
2016-12-10 11:03:03.719 [XNIO-1 I/O-4] TRACE org.xnio.listener - Invoking
listener Accepting listener for
io.undertow.server.protocol.http.HttpOpenListener@56f7c1e5 on channel
io.undertow.protocols.ssl.UndertowAcceptingSslChannel@328f1eb6
2016-12-10 11:03:03.721 [XNIO-1 I/O-4] TRACE org.xnio.listener - Invoking
listener io.undertow.server.protocol.http.HttpOpenListener@56f7c1e5 on
channel io.undertow.protocols.ssl.UndertowSslConnection@d84c5d1
2016-12-10 11:03:03.721 [XNIO-1 I/O-4] TRACE io.undertow.request - Opened
connection with /127.0.0.1:56858
2016-12-10 11:03:03.724 [XNIO-1 I/O-4] TRACE org.xnio.nio.selector -
Beginning select on sun.nio.ch.KQueueSelectorImpl@5c0faa95 (with timeout)
2016-12-10 11:03:03.728 [XNIO-1 I/O-4] TRACE org.xnio.nio.selector -
Selected on sun.nio.ch.KQueueSelectorImpl@5c0faa95
2016-12-10 11:03:03.728 [XNIO-1 I/O-4] TRACE org.xnio.nio - Running task
io.undertow.protocols.ssl.SslConduit$5$1@47e5be01
2016-12-10 11:03:03.729 [XNIO-1 I/O-4] TRACE io.undertow.request.io -
Exception closing read side of SSL channel
javax.net.ssl.SSLException: Inbound closed before receiving peer's
close_notify: possible truncation attack?
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634)
at sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1561)
at
io.undertow.protocols.ssl.SslConduit.notifyReadClosed(SslConduit.java:612)
at io.undertow.protocols.ssl.SslConduit.closed(SslConduit.java:983)
at io.undertow.protocols.ssl.SslConduit.close(SslConduit.java:1078)
at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:799)
at io.undertow.protocols.ssl.SslConduit.doHandshake(SslConduit.java:645)
at io.undertow.protocols.ssl.SslConduit.access$900(SslConduit.java:63)
at io.undertow.protocols.ssl.SslConduit$5$1.run(SslConduit.java:1045)
at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:580)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:464)
2016-12-10 11:03:03.729 [XNIO-1 I/O-4] TRACE org.xnio.listener - Invoking
listener io.undertow.server.AbstractServerConnection$CloseSetter@3457fbeb
on channel io.undertow.protocols.ssl.UndertowSslConnection@d84c5d1
2016-12-10 11:03:03.729 [XNIO-1 I/O-4] TRACE org.xnio.safe-close - Closing
resource org.xnio.nio.NioSocketStreamConnection@1fd60afd
2016-12-10 11:03:03.729 [XNIO-1 I/O-4] TRACE org.xnio.nio - Cancelling key
sun.nio.ch.SelectionKeyImpl@7da1dc1a of
java.nio.channels.SocketChannel[connected local=/127.0.0.1:8443 remote=/
127.0.0.1:56858] (same thread)
2016-12-10 11:03:03.730 [XNIO-1 I/O-4] TRACE org.xnio.safe-close - Closing
resource io.undertow.protocols.ssl.UndertowSslConnection@d84c5d1
2016-12-10 11:03:03.730 [XNIO-1 Accept] TRACE org.xnio.nio.selector -
Selected on sun.nio.ch.KQueueSelectorImpl@342f8479
2016-12-10 11:03:03.730 [XNIO-1 I/O-4] TRACE org.xnio.nio - Running task
io.undertow.protocols.ssl.SslConduit$1@11f5487
2016-12-10 11:03:03.730 [XNIO-1 Accept] TRACE org.xnio.nio - Running task
org.xnio.nio.QueuedNioTcpServer$2@1ce2a083
2016-12-10 11:03:03.730 [XNIO-1 I/O-4] TRACE org.xnio.listener - Invoking
listener io.undertow.server.protocol.http.HttpReadListener@6b60e713 on
channel org.xnio.conduits.ConduitStreamSourceChannel@60e3d137
2016-12-10 11:03:03.731 [XNIO-1 Accept] TRACE org.xnio.nio.selector -
Beginning select on sun.nio.ch.KQueueSelectorImpl@342f8479
2016-12-10 11:03:03.731 [XNIO-1 I/O-4] TRACE org.xnio.safe-close - Closing
resource io.undertow.server.protocol.http.HttpServerConnection@4f4dae34
2016-12-10 11:03:03.732 [XNIO-1 I/O-4] TRACE org.xnio.nio - Running task
io.undertow.protocols.ssl.SslConduit$2@348d6036
2016-12-10 11:03:03.732 [XNIO-1 I/O-4] TRACE org.xnio.nio.selector -
Beginning select on sun.nio.ch.KQueueSelectorImpl@5c0faa95
On Sat, Dec 10, 2016 at 10:58 AM, Hicks, Matt <matt(a)matthicks.com> wrote:
Thanks Bill....I don't feel as crazy now. ;)
On Sat, Dec 10, 2016 at 9:51 AM Bill O'Neil <bill(a)dartalley.com> wrote:
> Oops I forgot
https://localhost:8443. Now it is giving me localhost
> unexpectedly closed the connection. With no errors. I also don't have a
> cert set up but I would think that should throw an error?
>
> The on startup JDK9 issue is still there.
>
> On Sat, Dec 10, 2016 at 10:45 AM, Bill O'Neil <bill(a)dartalley.com> wrote:
>
> Matt did you try turning on logging? Here are the two errors I get.
> Stuart maybe you can help from this I don't know much about SSL.
>
> This error is on server start. I'm running JDK 8.
>
> java.lang.NoSuchMethodException: javax.net.ssl.SSLParameters.
> setApplicationProtocols([Ljava.lang.String;)
> at java.lang.Class.getMethod(Class.java:1786)
> at io.undertow.protocols.alpn.JDK9AlpnProvider$1.run(
> JDK9AlpnProvider.java:47)
> at io.undertow.protocols.alpn.JDK9AlpnProvider$1.run(
> JDK9AlpnProvider.java:43)
> at java.security.AccessController.doPrivileged(Native Method)
> at io.undertow.protocols.alpn.JDK9AlpnProvider.<clinit>(
> JDK9AlpnProvider.java:43)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance(
> NativeConstructorAccessorImpl.java:62)
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(
> DelegatingConstructorAccessorImpl.java:45)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
> at java.lang.Class.newInstance(Class.java:442)
> at java.util.ServiceLoader$LazyIterator.nextService(
> ServiceLoader.java:380)
> at java.util.ServiceLoader$LazyIterator.next(ServiceLoader.java:404)
> at java.util.ServiceLoader$1.next(ServiceLoader.java:480)
> at io.undertow.protocols.alpn.ALPNManager.<init>(ALPNManager.java:40)
> at io.undertow.protocols.alpn.ALPNManager.<clinit>(ALPNManager.java:35)
> at io.undertow.server.protocol.http.AlpnOpenListener.<init>(
> AlpnOpenListener.java:67)
> at io.undertow.server.protocol.http.AlpnOpenListener.<init>(
> AlpnOpenListener.java:90)
> at io.undertow.Undertow.start(Undertow.java:177)
> at com.dartalley.function.Http2Server.main(Http2Server.java:70)
>
>
> The following errors happen on request to the localhost:8443 from Matt's
> code which leads to an empty response.
>
> 10:42:29.083 [XNIO-1 I/O-2] DEBUG io.undertow.request.io - UT005013: An
> IOException occurred
> javax.net.ssl.SSLHandshakeException: UT000140: Initial SSL/TLS data is
> not a handshake record
> at io.undertow.protocols.ssl.ALPNHackClientHelloExplorer.
> exploreClientHello(ALPNHackClientHelloExplorer.java:84)
> at io.undertow.protocols.ssl.ALPNHackSSLEngine.unwrap(
> ALPNHackSSLEngine.java:205)
> at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:729)
> at io.undertow.protocols.ssl.SslConduit.read(SslConduit.java:567)
> at org.xnio.conduits.ConduitStreamSourceChannel.read(
> ConduitStreamSourceChannel.java:127)
> at io.undertow.server.protocol.http.AlpnOpenListener$
> AlpnConnectionListener.handleEvent(AlpnOpenListener.java:280)
> at io.undertow.server.protocol.http.AlpnOpenListener.
> handleEvent(AlpnOpenListener.java:249)
> at io.undertow.server.protocol.http.AlpnOpenListener.
> handleEvent(AlpnOpenListener.java:60)
> at org.xnio.ChannelListeners.invokeChannelListener(
> ChannelListeners.java:92)
> at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:291)
> at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:286)
> at org.xnio.ChannelListeners.invokeChannelListener(
> ChannelListeners.java:92)
> at org.xnio.ChannelListeners$DelegatingChannelListener.
> handleEvent(ChannelListeners.java:1092)
> at org.xnio.ChannelListeners.invokeChannelListener(
> ChannelListeners.java:92)
> at org.xnio.nio.QueuedNioTcpServer$1.run(QueuedNioTcpServer.java:128)
> at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:580)
> at org.xnio.nio.WorkerThread.run(WorkerThread.java:464)
> 10:42:29.091 [XNIO-1 I/O-4] DEBUG io.undertow.request - UT005013: An
> IOException occurred
> javax.net.ssl.SSLHandshakeException: UT000140: Initial SSL/TLS data is
> not a handshake record
> at io.undertow.protocols.ssl.ALPNHackClientHelloExplorer.
> exploreClientHello(ALPNHackClientHelloExplorer.java:84)
> at io.undertow.protocols.ssl.ALPNHackSSLEngine.unwrap(
> ALPNHackSSLEngine.java:205)
> at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
> at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:748)
> at io.undertow.protocols.ssl.SslConduit.doHandshake(SslConduit.java:645)
> at io.undertow.protocols.ssl.SslConduit.access$900(SslConduit.java:63)
> at io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(
> SslConduit.java:1097)
> at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:88)
> at org.xnio.nio.WorkerThread.run(WorkerThread.java:559)
> 10:42:29.100 [XNIO-1 I/O-2] DEBUG io.undertow.request - UT005013: An
> IOException occurred
> javax.net.ssl.SSLHandshakeException: UT000140: Initial SSL/TLS data is
> not a handshake record
> at io.undertow.protocols.ssl.ALPNHackClientHelloExplorer.
> exploreClientHello(ALPNHackClientHelloExplorer.java:84)
> at io.undertow.protocols.ssl.ALPNHackSSLEngine.unwrap(
> ALPNHackSSLEngine.java:205)
> at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
> at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:748)
> at io.undertow.protocols.ssl.SslConduit.doHandshake(SslConduit.java:645)
> at io.undertow.protocols.ssl.SslConduit.access$900(SslConduit.java:63)
> at io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(
> SslConduit.java:1097)
> at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:88)
> at org.xnio.nio.WorkerThread.run(WorkerThread.java:559)
>
>
> On Sat, Dec 10, 2016 at 10:15 AM, Hicks, Matt <matt(a)matthicks.com> wrote:
>
> I've updated to 1.4.7.Final, I switched to passing an Array of
> keyManagers and an Array of trustManagers, I've tried commenting out
> ENABLE_HTTP2, I've installed the JCE Unlimited Strength (and verified it's
> being used) and I'm consistently getting ERR_CONNECTION_CLOSED when I try
> to connect to
https://localhost:8443
>
> If I connect to
http://localhost:8080 then I get the expected "Hello,
> World!". If someone could just test that snippet and tell me if they can
> repeat the problem it would be greatly appreciated.
>
> On Fri, Dec 9, 2016 at 5:30 PM Hicks, Matt <matt(a)matthicks.com> wrote:
>
> Stuart, I don't think I have the JCE Unlimited Strength policy files
> installed. I'll look into seeing if that's the problem. I am currently
> using 1.4.6.Final. I commented out enabling of HTTP2 but I'm still getting
> the same problem. It will probably be tomorrow before I can get the JCE
> Unlimited Strength installed, but either way I should be seeing an error
> but I am not.
>
> Can you check that code snippet I posted? It's a simplified version of
> the example you sent me previously that just outputs "Hello, World!". If
> you're able to run it and it works then perhaps there's something wrong in
> my machine configuration, but I'd like some confirmation.
>
> On Fri, Dec 9, 2016 at 4:30 PM Stuart Douglas <sdouglas(a)redhat.com>
> wrote:
>
> I just released 1.4.7.Final that should fix the ClassCastException that
> you were seeing.
>
> Your example code should work. What version of Undertow are you using,
> and do you have the JCE unlimited strength ciphers installed?
>
> Some versions of Undertow would attempt to enable HTTP/2 even if the
> required ciphers were not installed, which would result in a connection
> error as HTTP/2 would be negotiated with an incorrect cipher, and the
> browser will kill the connection as a result. This could be fixed by either
> installing the JCE unlimited strength policy files, or by disabling HTTP/2.
>
> Stuart
>
> On Sat, Dec 10, 2016 at 9:00 AM, Hicks, Matt <matt(a)matthicks.com> wrote:
>
> Michael, where are you getting SSLContextFactory from? I assumed it was
> something built-in or available in Undertow.
>
> On Fri, Dec 9, 2016 at 1:08 PM Hicks, Matt <matt(a)matthicks.com> wrote:
>
> Thanks guys. Michael, I'll try your code here in a bit to see if it
> makes any difference.
>
> On Fri, Dec 9, 2016 at 12:49 PM Michael Grove <mike(a)stardog.com> wrote:
>
> Prematurely hit send!
>
> On Fri, Dec 9, 2016 at 1:43 PM, Michael Grove <mike(a)stardog.com> wrote:
>
>
>
> On Fri, Dec 9, 2016 at 1:11 PM, Hicks, Matt <matt(a)matthicks.com> wrote:
>
> Hi Michael, thanks for the response. What version of Undertow are you
> using?
>
>
> I'm using 1.3.20, so I'm a bit behind.
>
>
> Are you overriding the SSL certificate storage or using the example's?
>
>
> I'm just creating the SSLContext that's passed to the builder via
> addHttpsListener directly from the standard JVM properties, eg
> javax.net.ssl.keyStore
>
>
> This is the basic code for that:
>
> public static SSLContext createSSLContext(final Options theOptions)
> throws SSLException {
> return SSLContextFactory.createSSLContext(theOptions.get(ServerOptions.
> KEY_STORE_TYPE),
> theOptions.get(ServerOptions.KEY_STORE),
> theOptions.get(ServerOptions.KEY_STORE_PASSWD),
> theOptions.get(ServerOptions.TRUST_STORE_TYPE),
> theOptions.get(ServerOptions.TRUST_STORE),
> theOptions.get(ServerOptions.TRUST_STORE_PASSWD));
> }
>
> I tweak the XNIO properties for SSL in the event the user needs client
> auth:
>
> aBuilder.setWorkerOption(org.xnio.Options.SSL_CLIENT_AUTH_MODE,
> SslClientAuthMode.REQUIRED);
>
> At that point, it works nicely.
>
>
>
>
>
> Would you mind terribly trying the exact code snippet and see if it works
> for you? This is very confusing if it's a problem on my end...especially
> since HTTP works fine.
>
>
> I can try to run it over the weekend, I'm a bit swamped with day to day
> stuff atm.
>
> Cheers,
>
> Mike
>
>
>
> On Fri, Dec 9, 2016 at 11:59 AM Michael Grove <mike(a)stardog.com> wrote:
>
> On Fri, Dec 9, 2016 at 10:24 AM, Hicks, Matt <matt(a)matthicks.com> wrote:
>
> Yeah, I'm pretty sure Undertow's support for SSL is broken!
>
>
> It's working fine for me, and I'm using a setup almost exactly like
> what's shown in the examples.
>
>
> I copied and pasted the example into my project and am getting the same
> results. I modified it to not do any proxying, but the server isn't
> responding properly and my anonymous HttpHandler is never invoked:
>
>
https://gist.github.com/darkfrog26/e17c1efb0d5606caeb56e903bff970a7
>
> This is incredibly frustrating. Stuart, tell me if I shouldn't be using
> Undertow for SSL support and I'll start migrating to wrap with nginx.
>
> On Thu, Dec 8, 2016 at 8:00 PM Stuart Douglas <sdouglas(a)redhat.com>
> wrote:
>
> Here is an example:
>
>
https://github.com/undertow-io/undertow/blob/master/
> examples/src/main/java/io/undertow/examples/http2/Http2Server.java
>
> Looks like you have run into a bug, with regard to the
> ClassCastException, you need to use the version that take
>
>