Java 17+ SSL Issue with Version 2019.3.2

Questions and Answers on installation, deployment, management, locking, tranasactions of Servoy Application Server

Java 17+ SSL Issue with Version 2019.3.2

Postby bcusick » Tue Dec 10, 2024 6:11 pm

Hey Guys,

I have a customer using an older version of Servoy (version 2019.3.2 LTS-releaseNumber 3414) - who uses WebClient only solutions. They have a valid SSL cert - and the server is using the default 8443 port, and they are still running Java 8. Everything has been GREAT for years.

THE PROBLEM: When I try to install Java 17 (or 21 or 23) - the SSL just stops working. I can hit the default 8080 port, but not the SSL. I suspect it's because there are outdated .jar files - can anyone point me in the right direction?

Thanks!

Bob Cusick
Bob Cusick
bcusick
 
Posts: 1262
Joined: Wed Apr 23, 2003 11:27 pm
Location: Thousand Oaks, CA USA

Re: Java 17+ SSL Issue with Version 2019.3.2

Postby jcompagner » Tue Dec 10, 2024 6:21 pm

but this is tomcat, does tomcat not complain?
Maybe its an older ssl certificate where some Cipher Suites are disabled or something now?

what happens if you really just hit "8443" in the url? so you force that port?
Johan Compagner
Servoy
User avatar
jcompagner
 
Posts: 8892
Joined: Tue May 27, 2003 7:26 pm
Location: The Internet

Re: Java 17+ SSL Issue with Version 2019.3.2

Postby bcusick » Tue Dec 10, 2024 6:32 pm

If I hit 8443 explicitly - then there is no response error in the browser. Servoy is started as a service, there is no error in the log, no error in the service log and when I hit servoy-admin on 8080, on Network Setting it says "SSL initialized ok."

BTW: The cert is brand new (as of early November) and works fine in Java 8.
Bob Cusick
bcusick
 
Posts: 1262
Joined: Wed Apr 23, 2003 11:27 pm
Location: Thousand Oaks, CA USA

Re: Java 17+ SSL Issue with Version 2019.3.2

Postby jcompagner » Tue Dec 10, 2024 7:14 pm

no that ssl (on the admin page) has nothing to do with the https that you use in tomcat.
That one in tomcat is configured in the server.xml file, so this section:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
type="RSA" />
</SSLHostConfig>
</Connector>
Johan Compagner
Servoy
User avatar
jcompagner
 
Posts: 8892
Joined: Tue May 27, 2003 7:26 pm
Location: The Internet

Re: Java 17+ SSL Issue with Version 2019.3.2

Postby bcusick » Tue Dec 10, 2024 7:17 pm

Here's the connector setting from the server.xml:

<Connector port="8443" maxThreads="150" protocol="HTTP/1.1" keystorePass="passwordHere" keystoreFile="C:/SSL/servoy_ssl.jks" sslProtocol="TLS" clientAuth="false" secure="true" scheme="https" SSLEnabled="true"/>
Bob Cusick
bcusick
 
Posts: 1262
Joined: Wed Apr 23, 2003 11:27 pm
Location: Thousand Oaks, CA USA

Re: Java 17+ SSL Issue with Version 2019.3.2

Postby jcompagner » Tue Dec 10, 2024 7:25 pm

so yes that should then work and if that doesn't work then i expect that that is logged in 1 of the tomcat logs (like catalina.log)

That does seem to be a quite old tomcat (all configs that i see look different)
Johan Compagner
Servoy
User avatar
jcompagner
 
Posts: 8892
Joined: Tue May 27, 2003 7:26 pm
Location: The Internet

Re: Java 17+ SSL Issue with Version 2019.3.2

Postby bcusick » Tue Dec 10, 2024 7:31 pm

The "logs" (access log) is useless. I'm not seeing another log...

Is there a way I can update the Tomcat to a newer version without updating Servoy?

Should I try updating Servoy to a later specific version with an updated Tomcat?

What's the best way to solve this?

THANKS, Johan!

Bob
Bob Cusick
bcusick
 
Posts: 1262
Joined: Wed Apr 23, 2003 11:27 pm
Location: Thousand Oaks, CA USA

Re: Java 17+ SSL Issue with Version 2019.3.2

Postby jcompagner » Wed Dec 11, 2024 10:14 am

the best way is to use WAR export and then install a new tomcat (Tomcat 9.x version) and deploy the WAR on top of that
And then configure that tomcat correctly with the right keystore
you can also update the tomcat in side servoy, for that you need to update the application_server/server/lib folder and so on (and also check the bin and the conf folders if stuff is changed in that)

But for me its very weird that it suddenly doesn't work with a newer java. So if you start the application server with java 8 it works, start with java 17 it fails? Nothing else really changed (you can just toggle and see it happening?)
Johan Compagner
Servoy
User avatar
jcompagner
 
Posts: 8892
Joined: Tue May 27, 2003 7:26 pm
Location: The Internet

Re: Java 17+ SSL Issue with Version 2019.3.2

Postby bcusick » Wed Dec 11, 2024 5:34 pm

Thanks, Johan! I tried Java 17 - same issue. What version of Servoy has a later Tomcat that still supports WebClient?

Perhaps that's the best answer for me - since I don't want to do WAR deployment and I just need to be able to move to a newer version of Java...

Thanks again for all your help!

Bob
Bob Cusick
bcusick
 
Posts: 1262
Joined: Wed Apr 23, 2003 11:27 pm
Location: Thousand Oaks, CA USA

Re: Java 17+ SSL Issue with Version 2019.3.2

Postby jcompagner » Wed Dec 11, 2024 6:56 pm

The latest Servoy 2024.03 LTS is the last one that supports WebClient, it sill hasn't really the latest applicaiton_server build in because that one is not really updated. (i think its 8.5.99)
)
Johan Compagner
Servoy
User avatar
jcompagner
 
Posts: 8892
Joined: Tue May 27, 2003 7:26 pm
Location: The Internet

Re: Java 17+ SSL Issue with Version 2019.3.2

Postby bcusick » Wed Dec 11, 2024 10:39 pm

OK - I'll see if an upgrade will help.

Again - I REALLY appreciate your helpful answers!

Bob
Bob Cusick
bcusick
 
Posts: 1262
Joined: Wed Apr 23, 2003 11:27 pm
Location: Thousand Oaks, CA USA

Re: Java 17+ SSL Issue with Version 2019.3.2

Postby bcusick » Fri Dec 13, 2024 12:03 am

Hey Johan,

I did a fresh install of 2020.03.2LTS - and I'm running Java 17.

I added the HTTPS Connection in Server.XML. Then I manually started the server using the server.bat file. I can hit http://localhost:8080 and see the servoy graphic. When I try to run http://localhost:8080/servoy-admin/ - I get a 404.

When I try to hit https://localhost:8443 - I get a ERR_SSL_PROTOCOL_ERROR and "localhost send an invalid response". In the Servoy Server cmd window I see this:

Code: Select all
Dec 12, 2024 1:55:19 PM org.apache.coyote.http11.Http11Processor service
INFO: Error parsing HTTP request header
Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
        at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:430)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:502)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:810)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1623)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.base/java.lang.Thread.run(Thread.java:842)



If I uninstall Java 17 and go back to Java 8 - EVERYTHING WORKS FINE.

Any ideas on what's going on?

WIndows Server 2022 Standard
16GM RAM
Java 17
Bob Cusick
bcusick
 
Posts: 1262
Joined: Wed Apr 23, 2003 11:27 pm
Location: Thousand Oaks, CA USA

Re: Java 17+ SSL Issue with Version 2019.3.2

Postby jcompagner » Tue Dec 17, 2024 11:45 am

i just think you just run a to old of tomcat (that we ship) in 2020
You can try to update that one to the latest 8.5 release (or even newer) by just overwriting the jars in the application_server\lib folder (and also check the conf folder)
Johan Compagner
Servoy
User avatar
jcompagner
 
Posts: 8892
Joined: Tue May 27, 2003 7:26 pm
Location: The Internet


Return to Servoy Server

Who is online

Users browsing this forum: No registered users and 6 guests

cron