Question
I have a web application (spring-boot, tomcat) which is working and reachable through HTTPS without problems, but only if the client is not inside the Vodafone mobile network and browsing with Chrome. If so, when navigating to the page, Chrome gives a timeout and simply cannot reach the website, whereas another browser has no problems reaching the site.
Some interesting facts may be:
- I updated to Java 11, using AdoptOpenJDK v11.0.3 (maybe some problems related to TLS 1.3?)
- before the update it was probably working with all combinations of mobile network / browser
- the SSL handshake fails; some exceptions which appear sometimes (not always) in the log are attached
- it happens only when browsing through Chrome in the Vodafone mobile network; even creating a hotspot on that device and surfing with another device through that hotspot will not work
- the certificate chain is incomplete; a test run under https://www.ssllabs.com gets a B grade
Has anyone else had similar issues? Any ideas what is going wrong here? Any help is highly appreciated.
Directly browsing to the site by its ip also didn't help.
java.util.NoSuchElementException: No value present
at java.base/java.util.Optional.get(Unknown Source) ~[na:na]
at java.base/sun.security.ssl.ServerHello$T13ServerHelloProducer.produce(Unknown Source) ~[na:na]
at java.base/sun.security.ssl.SSLHandshake.produce(Unknown Source) ~[na:na]
at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(Unknown Source) ~[na:na]
at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(Unknown Source) ~[na:na]
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(Unknown Source) ~[na:na]
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(Unknown Source) ~[na:na]
at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source) ~[na:na]
at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source) ~[na:na]
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source) ~[na:na]
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source) ~[na:na]
at java.base/java.security.AccessController.doPrivileged(Native Method) ~[na:na]
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(Unknown Source) ~[na:na]
at org.apache.tomcat.util.net.SecureNioChannel.tasks(SecureNioChannel.java:423) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:483) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:238) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1724) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) ~[na:na]
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) ~[na:na]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
at java.base/java.lang.Thread.run(Unknown Source) ~[na:na]
and
java.nio.BufferUnderflowException: null
at java.base/java.nio.Buffer.nextGetIndex(Unknown Source) ~[na:na]
at java.base/java.nio.HeapByteBuffer.get(Unknown Source) ~[na:na]
at java.base/sun.security.ssl.ClientHello$ClientHelloMessage.<init>(Unknown Source) ~[na:na]
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(Unknown Source) ~[na:na]
at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source) ~[na:na]
at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source) ~[na:na]
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source) ~[na:na]
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source) ~[na:na]
at java.base/java.security.AccessController.doPrivileged(Native Method) ~[na:na]
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(Unknown Source) ~[na:na]
at org.apache.tomcat.util.net.SecureNioChannel.tasks(SecureNioChannel.java:423) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:483) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:238) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1724) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) ~[na:na]
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) ~[na:na]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
at java.base/java.lang.Thread.run(Unknown Source) ~[na:na]
Also, another warning in the logs is about:
The ClientHello was not presented in a single TLS record so no SNI information could be extracted
Answer 1:
Looks like the ClientHello handshake message was split into multiple records. Would you please attach the debug log of the failed connection (using the system property "javax.net.debug=all")?
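The condition behind the logged warning, as an added example that is not part of the original answers: it reassembles a ClientHello from raw TLS record bytes, reports how many records it spanned, and reads the SNI only after reassembly. The sample bytes, the host name app.example.test and all function names are constructed for illustration.

```python
import struct

HANDSHAKE, CLIENT_HELLO, EXT_SNI = 22, 1, 0

def reassemble_client_hello(stream: bytes):
    """Return (records_used, ClientHello body) from raw TLS record bytes."""
    buf, used, pos = b"", 0, 0
    while pos + 5 <= len(stream):
        ctype, _ver, length = struct.unpack_from("!BHH", stream, pos)
        if ctype != HANDSHAKE:
            raise ValueError("non-handshake record before ClientHello completed")
        buf += stream[pos + 5 : pos + 5 + length]
        pos, used = pos + 5 + length, used + 1
        if len(buf) >= 4:
            if buf[0] != CLIENT_HELLO:
                raise ValueError("first handshake message is not a ClientHello")
            need = 4 + int.from_bytes(buf[1:4], "big")
            if len(buf) >= need:
                return used, buf[4:need]
    raise ValueError("stream ended before the ClientHello was complete")

def extract_sni(body: bytes):
    """Walk a ClientHello body and return the SNI host name, or None."""
    pos = 2 + 32                                          # legacy_version + random
    pos += 1 + body[pos]                                  # session_id
    pos += 2 + int.from_bytes(body[pos:pos + 2], "big")   # cipher_suites
    pos += 1 + body[pos]                                  # compression_methods
    end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", body, pos)
        if etype == EXT_SNI:  # data: list_len(2) name_type(1) name_len(2) name
            nlen = int.from_bytes(body[pos + 7:pos + 9], "big")
            return body[pos + 9:pos + 9 + nlen].decode("ascii")
        pos += 4 + elen
    return None

def records(payload: bytes, size: int) -> bytes:
    """Wrap a handshake message in TLS records of at most `size` bytes."""
    chunks = [payload[i:i + size] for i in range(0, len(payload), size)]
    return b"".join(struct.pack("!BHH", HANDSHAKE, 0x0301, len(c)) + c for c in chunks)

# Constructed sample: minimal ClientHello for the placeholder host "app.example.test".
_host = b"app.example.test"
_sni = struct.pack("!HHHBH", EXT_SNI, len(_host) + 5, len(_host) + 3, 0, len(_host)) + _host
_body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
         + struct.pack("!H", len(_sni)) + _sni)
SAMPLE_HELLO = bytes([CLIENT_HELLO]) + len(_body).to_bytes(3, "big") + _body
```

A parser that inspects only the first record sees an incomplete message in the four-record case, which is the situation the warning describes.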
Answer 2:
As it turned out, it was a combination of the provider (Vodafone) + TLS 1.3 + Java 11. After changing the config and using TLS 1.2 again, it worked again. This is no fix at all, but gives us more time to investigate the exact reason.
Source: https://stackoverflow.com/questions/56890375/http-connection-timeout-only-when-mobile-client-surfing-from-vodafone-network