Fix ALPN negotiation with JSSE

When using a JSSE TLS connector that supported ALPN (Java 9 onwards) and a protocol was not negotiated, Tomcat failed to fallback to HTTP/1.1 and instead dropped the connection.
apache · Mar 27, 2019 · a938b51 · a938b51
1 parent 085c041
commit a938b51
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/java/org/apache/coyote/AbstractProtocol.java b/java/org/apache/coyote/AbstractProtocol.java
@@ -777,7 +777,9 @@ public SocketState process(SocketWrapperBase<S> wrapper, SocketEvent status) {
             try {
                 if (processor == null) {
                     String negotiatedProtocol = wrapper.getNegotiatedProtocol();
-                    if (negotiatedProtocol != null) {
+                    // OpenSSL typically returns null whereas JSSE typically
+                    // returns "" when no protocol is negotiated
+                    if (negotiatedProtocol != null && negotiatedProtocol.length() > 0) {
                         UpgradeProtocol upgradeProtocol =
                                 getProtocol().getNegotiatedProtocol(negotiatedProtocol);
                         if (upgradeProtocol != null) {

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
@@ -104,6 +104,11 @@
       <fix>
         Harmonize NIO2 isReadyForWrite with isReadyForRead code. (remm)
       </fix>
+      <fix>
+        When using a JSSE TLS connector that supported ALPN (Java 9 onwards) and
+        a protocol was not negotiated, Tomcat failed to fallback to HTTP/1.1 and
+        instead dropped the connection. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">