Undertow cannot connect to backend HTTPS server when acting as a proxy
Issue
- When Undertow is configured as a reverse proxy, it cannot connect to backend servers using HTTPS/SSL.
- https://issues.jboss.org/browse/UNDERTOW-1156
2017-10-12 10:01:50,526 DEBUG [io.undertow.request.io] (default I/O-1) UT005013: An IOException occurred: java.io.IOException: javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
at io.undertow.protocols.ssl.SslConduit.notifyReadClosed(SslConduit.java:612)
at io.undertow.protocols.ssl.SslConduit.closed(SslConduit.java:977)
at io.undertow.protocols.ssl.SslConduit.close(SslConduit.java:1072)
at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:793)
at io.undertow.protocols.ssl.SslConduit.doHandshake(SslConduit.java:643)
at io.undertow.protocols.ssl.SslConduit.access$900(SslConduit.java:63)
at io.undertow.protocols.ssl.SslConduit$5$1.run(SslConduit.java:1039)
at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:592)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:472)
Caused by: javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634)
at sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1561)
at io.undertow.protocols.ssl.SslConduit.notifyReadClosed(SslConduit.java:610)
... 8 more
2017-10-12 10:01:50,528 ERROR [io.undertow.proxy] (default I/O-1) UT005028: Proxy request to /proxy failed: java.io.IOException: UT001000: Connection closed
at io.undertow.client.http.HttpClientConnection$ClientReadListener.handleEvent(HttpClientConnection.java:530)
at io.undertow.client.http.HttpClientConnection$ClientReadListener.handleEvent(HttpClientConnection.java:473)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
at io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1122)
at io.undertow.protocols.ssl.SslConduit$1.run(SslConduit.java:166)
at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:592)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:472)
2017-10-12 10:01:50,534 TRACE [io.undertow.server.HttpServerExchange] (default I/O-1) Starting to write response for HttpServerExchange{ GET /proxy request {Accept=[*/*], User-Agent=[curl/7.53.1], Host=[localhost:8080]} response {Connection=[keep-alive], X-Powered-By=[Undertow/1], Server=[JBoss-EAP/7], Content-Length=[84], Content-Type=[text/html], Date=[Thu, 12 Oct 2017 14:01:50 GMT]}}
2017-10-12 10:01:50,535 TRACE [io.undertow.client.request] (default I/O-1) flush
2017-10-12 10:01:50,536 TRACE [io.undertow.client.request] (default I/O-1) Flushing remaining buffer
2017-10-12 10:01:50,536 DEBUG [io.undertow.request.io] (default I/O-1) UT005013: An IOException occurred: java.nio.channels.ClosedChannelException
at io.undertow.protocols.ssl.SslConduit.write(SslConduit.java:367)
at io.undertow.client.http.HttpRequestConduit.processWrite(HttpRequestConduit.java:114)
at io.undertow.client.http.HttpRequestConduit.flush(HttpRequestConduit.java:632)
at io.undertow.conduits.AbstractFixedLengthStreamSinkConduit.flush(AbstractFixedLengthStreamSinkConduit.java:229)
at org.xnio.conduits.ConduitStreamSinkChannel.flush(ConduitStreamSinkChannel.java:162)
at org.xnio.ChannelListeners$14.handleEvent(ChannelListeners.java:413)
at org.xnio.ChannelListeners$14.handleEvent(ChannelListeners.java:409)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at org.xnio.conduits.WriteReadyHandler$ChannelListenerHandler.writeReady(WriteReadyHandler.java:65)
at io.undertow.protocols.ssl.SslConduit$SslWriteReadyHandler.writeReady(SslConduit.java:1218)
at io.undertow.protocols.ssl.SslConduit$3.run(SslConduit.java:273)
at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:592)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:472)
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
  - 7.0.x
  - 7.1.x
- Undertow