Http Connection Timeout only when mobile client surfing from vodafone network + google chrome

无人久伴 提交于 2021-02-11 15:25:44

问题


I have a web application (spring-boot, tomcat) which is working and reachable through https without problems, but only if the client is not inside mobile network of vodafone and browsing with chrome. If so, when navigating to the page, chrome gives a timeout and simply cannot reach the website, whereas another browser has no problems reaching the site.

Some interesting facts may be: - i updated to java11, using adoptopenjdk v11.0.3 (maybe some problems related to tls 1.3?) - before the update it was probably working with all combinations of mobile network / browser - the ssl handshake fails, some exceptions which appear sometimes (not always) in the log are attached. - happens only when browsing through chrome in vodafone mobile network, even when creating a hotspot on that device and surfing with another device through that hotspot will also not work - the certificate chain is incomplete, a test run under https://www.ssllabs.com gets a B grade.

Did anyone also had similar issues? Any ideas what is going wrong here? Any help is highly appreciated.

Directly browsing to the site by its ip also didn't help.

java.util.NoSuchElementException: No value present
    at java.base/java.util.Optional.get(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.ServerHello$T13ServerHelloProducer.produce(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.SSLHandshake.produce(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source) ~[na:na]
    at java.base/java.security.AccessController.doPrivileged(Native Method) ~[na:na]
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(Unknown Source) ~[na:na]
    at org.apache.tomcat.util.net.SecureNioChannel.tasks(SecureNioChannel.java:423) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
    at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:483) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
    at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:238) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1724) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) ~[na:na]
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) ~[na:na]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
    at java.base/java.lang.Thread.run(Unknown Source) ~[na:na]

and

java.nio.BufferUnderflowException: null
    at java.base/java.nio.Buffer.nextGetIndex(Unknown Source) ~[na:na]
    at java.base/java.nio.HeapByteBuffer.get(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.ClientHello$ClientHelloMessage.<init>(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source) ~[na:na]
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source) ~[na:na]
    at java.base/java.security.AccessController.doPrivileged(Native Method) ~[na:na]
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(Unknown Source) ~[na:na]
    at org.apache.tomcat.util.net.SecureNioChannel.tasks(SecureNioChannel.java:423) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
    at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:483) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
    at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:238) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1724) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) ~[na:na]
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) ~[na:na]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-9.0.19.jar!/:9.0.19]
    at java.base/java.lang.Thread.run(Unknown Source) ~[na:na]

Also, another warning in the logs is about:

The ClientHello was not presented in a single TLS record so no SNI information could be extracted

回答1:


Looks like the ClientHello handshake message was split into multiple record. Would you please attach the debug log of the failed connection (using System property "javax.net.debug=all)?




回答2:


As it turned out, it was a combination of the provider (vodafone) + tls 1.3 + java 11 After changing the config and using tls 1.2 again, it worked again. This is no fix at all, but gives us more time to investigate the exact reason



来源:https://stackoverflow.com/questions/56890375/http-connection-timeout-only-when-mobile-client-surfing-from-vodafone-network

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!