[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tomcat-user
Subject:    Re: AW: Tomcat 10 with Http2 and compression sometimes closes connection with Firefox
From:       Mark Thomas <markt () apache ! org>
Date:       2022-06-30 6:40:22
Message-ID: 9cce908a-c046-5639-3266-b1ce121c636c () apache ! org
[Download RAW message or body]

On 27/06/2022 21:49, Thomas Hoffmann (Speed4Trade GmbH) wrote:
> Von: Mark Thomas <markt@apache.org>
> > On 26/06/2022 15:59, Thomas Hoffmann (Speed4Trade GmbH) wrote:

<snip/>

> > > Problem:
> > > When opening a webpage at a new Tab, Firefox sometimes doesn't load
> > > the full page from Tomcat 10
> > > 
> > > Observation / Circumstances:
> > > - Doesn't happen with Tomcat 9 (tested up to 9.0.64)
> > > - Problem showed up after upgrading from Tomcat 9.0.56 to 10.0.16
> > > - Tomcat 10.0.16 also showed a stacktrace in the logfile
> > > 07-Mar-2022 07:24:01.780 SCHWERWIEGEND [https-openssl-nio-443-
> > exec-21] org.apache.catalina.core.ApplicationDispatcher.invoke
> > Servlet.service() for servlet [jsp] threw exception
> > > 	java.lang.IllegalStateException: Connection [66], Stream [113],
> > Unable to write to stream once it has been closed
> > > 		at
> > org.apache.coyote.http2.Stream$StreamOutputBuffer.doWrite(Stream.java:
> > 843)

<snip/>

> > > - The stack is probably related but not the cause of the issue
> > > - The stacktrace was not logged any more with Tomcat 10.0.18 (but
> > > problem stayed)
> > > - The problem only occurs with HTTP2
> > > - It also only occurs when http compression is activated
> > > (compression="force" or "on")
> > > - a provided debug-log of HTTP2 (loglevel FINE) didn't narrow down the
> > > issue
> > > 
> > > 
> > > This week I found time for digging down into the rabbit hole and also was
> > able to create an almost static application.
> > > 
> > > I did several network traces and it followed the following scheme:
> > > 1) Main page was requested by Firefox from Tomcat (GET ...)
> > > 2) Tomcat sends the first compressed chunks of data to the browser
> > > 3) Firefox reads the first packages and notices, that additional
> > > resources are needed (CSS, JS ...)
> > > 4) While Tomcat is still sending the main page in chunks, the browser
> > > is already requesting additional resources on other channels
> > > 5) Firefox is sending a RST_STREAM and closes that last requested
> > > stream(s)  (dunno why it does request first and then closes the
> > > channel)
> > > 6) Tomcat is sending a GoAway message to the browser
> > > 7) Tomcat stops also sending the main page (on a different channel)
> > > 
> > > Shouldn't tomcat just close the requested stream and continue serving the
> > other stream(s)?
> > > Looks like Tomcat got upset and also closed the other stream :)
> > > 
> > > Pcap-file is available at
> > https://privfile.com/download.php?fid=62b8721f9f29a-MTM1NTk=  for
> > around 2 weeks.
> > > I could also provide an almost static app which relatively often shows this
> > issue (after several trials). As it contains some internal CI and stuff, I could
> > sent it to a personal address.
> > > I tested with Win10 and Win11, FF 101, Tomcat 10.0.16
> > 
> > I am currently working on some HTTP/2 test failures that might be relevant.
> > Can you re-test with this additional attribute set on the Connector element:
> > 
> > useAsyncIO="false"

<snip/>

> Hello Mark,
> despite  this setting, the problem can still be reproduced.
> My connector looked like:
> 	<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
> sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"
> maxThreads="150" minSpareThreads="25"   URIEncoding="UTF-8" \
> useBodyEncodingForURI="false" enableLookups="false" disableUploadTimeout="true"
> acceptCount="100" scheme="https" secure="true"
> SSLEnabled="true" useAsyncIO="false"
> compression="force">
> <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"  />
> <SSLHostConfig ciphers="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:EC \
> DHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY130 \
> 5:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" \
> disableSessionTickets="true" honorCipherOrder="false"
> protocols="+TLSv1.2,+TLSv1.3">
> <Certificate certificateKeyFile="conf\localhost.key"
> certificateFile=" conf\localhost.pem"
> type="RSA"    />
> </SSLHostConfig>
> </Connector>
> 
> Maybe the wireshark trace above can provide some hints or ideas.
> If I can test something else or if I should send you the sample app, just drop a \
> line.

I think I'm going to need the sample app to investigate this.

markt@apache.org

Thanks,

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]