Fixing the java.lang.IllegalStateException: SSL session ID not available error when configuring HTTPS on Tomcat 8.5

Background

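Data APIs called by mobile apps and WeChat mini programs are, for security and compliance reasons, generally required to be served over HTTPS. HTTPS = HTTP + (TLS/SSL). A fairly simple approach is to buy an SSL certificate on Alibaba Cloud (you can also apply for the free edition, which is valid for one year and is more than enough for development and testing) and then configure the certificate on the server. For details, see: https://help.aliyun.com/document_detail/98576.html?spm=5176.b62838115.0.dexternal.508c56a7Id5SQX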

Problem

Alibaba Cloud's help manual mainly uses Tomcat 7 as its example. The key configuration is as follows:

<Connector port="443"
	    protocol="HTTP/1.1"
	    SSLEnabled="true"
	    scheme="https"
	    secure="true"
	    keystoreFile="cert/xxxx.pfx"
	    keystoreType="PKCS12"
	    keystorePass="xxxx"   
	    clientAuth="false"
	    SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
	    ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256" />

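Tomcat 8.5 changed this part of the configuration, so using this approach on Tomcat 8.5 produces a steady stream of warnings in the Tomcat log. After consulting the documentation, I found that the Tomcat 8.5 configuration is as follows: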

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" >
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="cert/3681487_dataservice.wongoing.cn.pfx"
                         certificateKeystoreType="PKCS12"
                         certificateKeystorePassword="v30lAY2q"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>

However, with this configuration there is still an SSL session ID not available warning, as follows:

03-Nov-2020 13:46:33.042 警告 [https-openssl-nio-443-exec-3] org.apache.coyote.AbstractProcessor.populateSslRequestAttributes Exception getting SSL attributes
 java.lang.IllegalStateException: SSL session ID not available
        at org.apache.tomcat.util.net.openssl.OpenSSLEngine$OpenSSLSession.getId(OpenSSLEngine.java:1048)
        at org.apache.tomcat.util.net.jsse.JSSESupport.getSessionId(JSSESupport.java:156)
        at org.apache.coyote.AbstractProcessor.populateSslRequestAttributes(AbstractProcessor.java:605)
        at org.apache.coyote.AbstractProcessor.action(AbstractProcessor.java:358)
        at org.apache.coyote.Request.action(Request.java:393)
        at org.apache.catalina.connector.Request.getAttribute(Request.java:900)
        at org.apache.catalina.connector.Request.getAttributeNames(Request.java:982)
        at com.sun.faces.application.WebappLifecycleListener.requestDestroyed(WebappLifecycleListener.java:110)
        at com.sun.faces.config.ConfigureListener.requestDestroyed(ConfigureListener.java:346)
        at org.apache.catalina.core.StandardContext.fireRequestDestroyEvent(StandardContext.java:5946)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:182)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:783)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:798)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1434)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)

Solution

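After another round of troubleshooting, I found that this is a side effect of TLS session tickets being enabled. If you set disableSessionTickets="true" on SSLHostConfig, the TLS session ID becomes visible and the error disappears. The complete configuration is as follows: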

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" >
        <SSLHostConfig disableSessionTickets="true">
            <Certificate certificateKeystoreFile="cert/3681487_dataservice.wongoing.cn.pfx"
                         certificateKeystoreType="PKCS12"
                         certificateKeystorePassword="v30lAY2q"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>

With that, everything works normally, and the log no longer contains any SSL-related warnings.
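
As an added example (not from the original post or from the Tomcat project), a small Python check that reads a server.xml fragment and reports the three states discussed above: Tomcat 7-style TLS attributes on the Connector, old protocol versions in SSLProtocol, and an SSLHostConfig without disableSessionTickets="true". The function name lint_connectors and the sample XML, including the keystore path and password, are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Connector-level TLS attributes from the Tomcat 7-style example on this page.
LEGACY_ATTRS = {"keystoreFile", "keystoreType", "keystorePass",
                "clientAuth", "SSLProtocol", "ciphers"}
OLD_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}  # deprecated protocol versions


def lint_connectors(server_xml):
    """Return a list of findings for each SSL-enabled <Connector>."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port", "?")
        legacy = sorted(LEGACY_ATTRS & set(conn.attrib))
        if legacy:
            findings.append(f"{port}: Tomcat 7-style attributes: {', '.join(legacy)}")
        old = sorted(OLD_PROTOCOLS & set(conn.get("SSLProtocol", "").split("+")))
        if old:
            findings.append(f"{port}: old protocol versions enabled: {', '.join(old)}")
        for host in conn.iter("SSLHostConfig"):
            # A missing attribute is treated as tickets enabled (Tomcat's default).
            if host.get("disableSessionTickets", "false").lower() != "true":
                findings.append(f"{port}: session tickets enabled on SSLHostConfig")
    return findings


# Constructed samples; keystore path and password are placeholders.
CERT = ('<Certificate certificateKeystoreFile="cert/example.pfx" '
        'certificateKeystoreType="PKCS12" '
        'certificateKeystorePassword="PLACEHOLDER" type="RSA" />')
TOMCAT7_STYLE = ('<Server><Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" '
                 'keystoreFile="cert/example.pfx" keystoreType="PKCS12" '
                 'keystorePass="PLACEHOLDER" clientAuth="false" '
                 'SSLProtocol="TLSv1+TLSv1.1+TLSv1.2" /></Server>')
TICKETS_ON = ('<Server><Connector port="443" SSLEnabled="true">'
              f'<SSLHostConfig>{CERT}</SSLHostConfig></Connector></Server>')
TICKETS_OFF = TICKETS_ON.replace('<SSLHostConfig>',
                                 '<SSLHostConfig disableSessionTickets="true">')

if __name__ == "__main__":
    for name, xml in [("tomcat7-style", TOMCAT7_STYLE),
                      ("tickets on", TICKETS_ON), ("tickets off", TICKETS_OFF)]:
        print(name, lint_connectors(xml) or "no findings")
```

The session-ticket finding corresponds to the configuration that produced the warning in this post; it only applies when the connector uses the OpenSSL implementation, as the https-openssl-nio-443 thread name in the log shows here.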
