Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Won't Fix
-
4.5.3, 4.5.6
-
None
-
None
-
Windows
Description
- Set up a clean Apache Tomcat server, in my case I downloaded 8.5.37.
- Setup and change the server.xml to setup HTTPS/TLS 1.3 connector, I have this section:
<Connector port="8443" protocol="HTTP/1.1" scheme="https" secure="true"
maxThreads="150" SSLEnabled="true" >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig ciphers="TLS_AES_256_GCM_SHA384" protocols="TLSv1.3" sslProtocol="TLS">
<Certificate certificateKeystoreFile="conf/.keystore" certificateKeystoreType="jks"/>
</SSLHostConfig>
</Connector>
3. Connect from Chrome or Firefox, able to verify browser can connect to the server with TLSv1.3 cipher suites.
4. Use a test program, such as the attached. Update the URL to point to the TLS1.3 supported server. Run the program, Notice the behavior.
The stacktrace of the Exception:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at java.base/sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:526)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:464)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:397)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:373)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:394)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
at TestHttpClient.makeRequest(TestHttpClient.java:33)
at TestHttpClient.main(TestHttpClient.java:18)
(Note, I am using java 11 for both the server and the client where TLSv1.3 is supported)