File upload gives net:ERR_CONNECTION_RESET #6152

Closed
rijkr opened this issue Apr 10, 2021 · 8 comments

rijkr commented Apr 10, 2021

Jetty version
9.4.39.v20210325

Java version

OpenJDK 64-Bit Server VM - 1.8.0_282

OS type/version

Ubuntu 18.04.5 LTS (GNU/Linux 4.15.0-140-generic x86_64)

Description

Our Jetty Web Server application is deployed on various servers and can be accessed over the Internet via router port forwarding or Apache reverse proxy. After upgrading Jetty 9.4.38.v20210224 to 9.4.39.v20210325, one server gives a "(failed) net:ERR_CONNECTION_RESET" error for large (>2 MB) file uploads via https://fail.example.com: uploads of smaller files, such as 60 KB, work fine. This finding cannot be reproduced on our reference site https://okay.example.org: all types of file uploads work fine there. (URLs are obfuscated for privacy. The error is observed in Chromium Browser > Development tools > Network.)

So what is the difference between the two sites? After numerous checks and tests the only difference we see is the kind of SSL cert used:

  1. https://fail.example.com uses a wild card certificate having two "Not Critical" Subject Alternative DNS Names: *.example.com and example.com (in that order).
  2. https://okay.example.org uses a plain (no wild card) Let's Encrypt certificate with explicit Subject Alternative DNS Name okay.example.org (DNS names for other subdomains are also present).

The upload errors for https://fail.example.com disappear when we revert to Jetty 9.4.38.v20210224.

Could this behavior be related to #6034 ?

Contributor

joakime commented Apr 10, 2021

Can you capture DEBUG logs for the failing example and attach them here?

Author

rijkr commented Apr 10, 2021

@joakime That's a bit hard to do as it's a production environment for a user organisation. Yesterday I spent a lot of time figuring out what was going on, and I finally solved the problem by creating a new installer with the older Jetty version. If absolutely necessary I have to ask the user to set up a debugging session when web activity is low. If you can somehow get clues from the code itself, that would be preferable.
P.S. The log4j log file shows no warnings or errors.

Contributor

gregw commented Apr 10, 2021

This may be fixed by #6142
We introduced an issue in 9.4.39 with SSL buffering that can sometimes result in an underflow state when the buffer could be compacted. I'm not exactly sure how the different certificates could affect that, but then it is at least plausible. Can you test that branch in production (or do a build with just that change applied)?

Either way, we are likely to make a new release early next week.

Author

rijkr commented Apr 10, 2021

@gregw Thanks for your quick reply! I'd rather wait for the next 9.4.40 (?) release with the #6142 fix. I can then set DEBUG right away during installation. What log4j DEBUG scope should I use? I assume log4j.logger.org.eclipse.jetty=DEBUG will probably create too many log entries?

Contributor

gregw commented Apr 10, 2021 via email

Author

rijkr commented Apr 10, 2021

@gregw When we install the new release we will have enough time to test and set log levels as needed. Thanks for your support. I'll keep you posted about the results.

Author

rijkr commented Apr 19, 2021

@gregw We installed 9.4.40.v20210413 and first tests show the issue is solved. We deployed to production and will remain alert to user reports for the next few days.

sarutak added a commit to apache/spark that referenced this issue Apr 24, 2021
…SET issue

### What changes were proposed in this pull request?

This PR proposes to upgrade Jetty to 9.4.40.

### Why are the changes needed?

SPARK-34988 (#32091) upgraded Jetty to 9.4.39 for CVE-2021-28165.
But after the upgrade, Jetty 9.4.40 was released to fix the ERR_CONNECTION_RESET issue (jetty/jetty.project#6152).
This issue seems to affect Jetty 9.4.39 when POST method is used with SSL.
For Spark, job submission using REST and ThriftServer with HTTPS protocol can be affected.

### Does this PR introduce _any_ user-facing change?

No. No released version uses Jetty 9.3.39.

### How was this patch tested?

CI.

Closes #32318 from sarutak/upgrade-jetty-9.4.40.

Authored-by: Kousuke Saruta <sarutak@oss.nttdata.com>
Signed-off-by: Kousuke Saruta <sarutak@oss.nttdata.com>
viirya pushed a commit to apache/spark that referenced this issue Apr 24, 2021
…ON_RESET issue

### What changes were proposed in this pull request?

This PR backports SPARK-35210 (#32318).
This PR proposes to upgrade Jetty to 9.4.40.

### Why are the changes needed?

SPARK-34988 (#32091) upgraded Jetty to 9.4.39 for CVE-2021-28165.
But after the upgrade, Jetty 9.4.40 was released to fix the ERR_CONNECTION_RESET issue (jetty/jetty.project#6152).
This issue seems to affect Jetty 9.4.39 when POST method is used with SSL.
For Spark, job submission using REST and ThriftServer with HTTPS protocol can be affected.

### Does this PR introduce _any_ user-facing change?

No. No released version uses Jetty 9.3.39.

### How was this patch tested?

CI.

Closes #32324 from sarutak/backport-3.1-SPARK-35210.

Authored-by: Kousuke Saruta <sarutak@oss.nttdata.com>
Signed-off-by: Liang-Chi Hsieh <viirya@gmail.com>
viirya pushed a commit to apache/spark that referenced this issue Apr 24, 2021
…ON_RESET issue

### What changes were proposed in this pull request?

This PR backports SPARK-35210 (#32318).
This PR proposes to upgrade Jetty to 9.4.40.

### Why are the changes needed?

SPARK-34988 (#32091) upgraded Jetty to 9.4.39 for CVE-2021-28165.
But after the upgrade, Jetty 9.4.40 was released to fix the ERR_CONNECTION_RESET issue (jetty/jetty.project#6152).
This issue seems to affect Jetty 9.4.39 when POST method is used with SSL.
For Spark, job submission using REST and ThriftServer with HTTPS protocol can be affected.

### Does this PR introduce _any_ user-facing change?

No. No released version uses Jetty 9.3.39.

### How was this patch tested?

CI.

Closes #32323 from sarutak/backport-3.0-SPARK-35210.

Authored-by: Kousuke Saruta <sarutak@oss.nttdata.com>
Signed-off-by: Liang-Chi Hsieh <viirya@gmail.com>
viirya pushed a commit to apache/spark that referenced this issue Apr 25, 2021
…ON_RESET issue

### What changes were proposed in this pull request?

This PR backports SPARK-35210 (#32318).
This PR proposes to upgrade Jetty to 9.4.40.

### Why are the changes needed?

SPARK-34988 (#32091) upgraded Jetty to 9.4.39 for CVE-2021-28165.
But after the upgrade, Jetty 9.4.40 was released to fix the ERR_CONNECTION_RESET issue (jetty/jetty.project#6152).
This issue seems to affect Jetty 9.4.39 when POST method is used with SSL.
For Spark, job submission using REST and ThriftServer with HTTPS protocol can be affected.

### Does this PR introduce _any_ user-facing change?

No. No released version uses Jetty 9.3.39.

### How was this patch tested?

CI.

Closes #32322 from sarutak/backport-SPARK-35210.

Authored-by: Kousuke Saruta <sarutak@oss.nttdata.com>
Signed-off-by: Liang-Chi Hsieh <viirya@gmail.com>
Contributor

sbordet commented May 20, 2021

@rijkr closing this as solved. Please reopen if you still have problems.

@sbordet sbordet closed this as completed May 20, 2021
flyrain pushed a commit to flyrain/spark that referenced this issue Sep 21, 2021
…ON_RESET issue

This PR backports SPARK-35210 (apache#32318).
This PR proposes to upgrade Jetty to 9.4.40.

SPARK-34988 (apache#32091) upgraded Jetty to 9.4.39 for CVE-2021-28165.
But after the upgrade, Jetty 9.4.40 was released to fix the ERR_CONNECTION_RESET issue (jetty/jetty.project#6152).
This issue seems to affect Jetty 9.4.39 when POST method is used with SSL.
For Spark, job submission using REST and ThriftServer with HTTPS protocol can be affected.

No. No released version uses Jetty 9.3.39.

CI.

Closes apache#32324 from sarutak/backport-3.1-SPARK-35210.

Authored-by: Kousuke Saruta <sarutak@oss.nttdata.com>
Signed-off-by: Liang-Chi Hsieh <viirya@gmail.com>
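
An added example, not part of the thread or of Jetty's or Spark's code: a small audit that classifies Jetty 9.4.x jars in a dependency listing by the versions discussed above (9.4.39 adopted for CVE-2021-28165, 9.4.39 carrying the HTTPS upload regression, 9.4.40 fixing it). The jar paths are constructed sample input; the function names and status labels are assumptions of this example.

```python
import re

# Jetty 9.4 jars are named <artifact>-<major>.<minor>.<patch>.v<date>.jar
JAR_RE = re.compile(r"(jetty-[a-z0-9-]+?)-(\d+)\.(\d+)\.(\d+)\.v(\d{8})\.jar$")

# Constructed sample listing (e.g. the output of `ls lib/`), not real data.
SAMPLE = [
    "lib/jetty-server-9.4.39.v20210325.jar",
    "lib/jetty-io-9.4.39.v20210325.jar",
    "lib/jetty-util-9.4.38.v20210224.jar",
    "lib/jetty-http-9.4.40.v20210413.jar",
    "lib/log4j-1.2.17.jar",
]

def classify(version):
    """Map a (major, minor, patch) tuple to a status label (labels are hypothetical)."""
    if version[:2] != (9, 4):
        return "not-covered"      # the thread only discusses the 9.4.x line
    if version < (9, 4, 39):
        return "pre-cve-fix"      # older than the release adopted for CVE-2021-28165
    if version == (9, 4, 39):
        return "tls-regression"   # ERR_CONNECTION_RESET on HTTPS uploads (#6152)
    return "ok"                   # 9.4.40 or later

def audit(paths):
    """Return (artifact, version, status) for every Jetty jar found in paths."""
    findings = []
    for path in paths:
        m = JAR_RE.search(path)
        if not m:
            continue              # not a Jetty jar, ignore
        version = tuple(int(x) for x in m.group(2, 3, 4))
        findings.append((m.group(1), ".".join(map(str, version)), classify(version)))
    return findings

def mixed_versions(findings):
    """True when Jetty modules on the classpath are not all the same version."""
    return len({version for _, version, _ in findings}) > 1

if __name__ == "__main__":
    results = audit(SAMPLE)
    for artifact, version, status in results:
        print(f"{artifact:14} {version:8} {status}")
    if mixed_versions(results):
        print("warning: Jetty modules are at different versions")
```
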