tracker issue : CF-4203526

select a category, or use search below
(searches all categories and all time range)
Title:

ColdFusion uses invalid attribute, packetSize, in Tomcat HTTP connector settings

| View in Tracker

Status/Resolution/Reason: Closed/Fixed/HaveNewInfo

Reporter/Name(from Bugbase): A. Bakia / ()

Created: 11/26/2018

Components: Web Container (Tomcat)

Versions: 2016

Failure Type: Others

Found In Build/Fixed In Build: 2016.0.07.311392 / CF2016U12,CF2018U5

Priority/Frequency: Normal /

Locale/System: / Win 2016

Vote Count: 2

Problem Description: 
When you install ColdFusion, the attribute, packetSize, is included by default in the settings for the Tomcat HTTP connector. This is incorrect. 

Steps to Reproduce:
1) Install ColdFusion 2016;
2) Open the file /cfusion/runtime/conf/server.xml in a text editor. Locate the HTTP <connector> elements; these are the connector elements whose protocol value is "HTTP/1.1" or "org.apache.coyote.http11.Http11NioProtocol". 

Actual Result: You will see that each <connector> element has the attribute, packetSize="65535".

Furthermore, whenever you restart ColdFusion you will find the following line in coldfusion-error.log: "WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'packetSize' to '65535' did not find a matching property." .

Expected Result: 
1) No packetSize attribute in the HTTP connector elements in server.xml;
2) No warning about the 'packetSize' property in server.xml

Any Workarounds:
Not applicable.

Attachments:

Comments:

ColdFusion 2016 currently uses Tomcat version 8.5.32. You will find the settings of Tomcat 8.5.* at https://tomcat.apache.org/tomcat-8.5-doc/config/http.html
Comment by A. B.
29966 | November 26, 2018 01:07:16 PM GMT
For the AJP connector, packetSize limits the amount of (binary) bytes per packet, a limit that also applies to each load-balancer worker. However, I am uncertain as to the effect of this setting for HTTP connectors. It might be benign. But it might also be critical. For one thing, it is shared by all ColdFusion instances.
Comment by A. B.
29967 | November 26, 2018 02:08:15 PM GMT
Although you have closed the ticket https://tracker.adobe.com/#/view/CF-4203917, it is still relevant here. The WARNINGS reported there still occur in coldfusion-error.log the most recent version of ColdFusion, namely Build 2018.0.03.314033. in fact, I have today discovered a new, related issue. A separate description follows.
Comment by A. B.
30475 | March 12, 2019 10:25:45 AM GMT
Tomcat 9 documentation (https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html) says: The final step is to configure the Connector in the $CATALINA_BASE/conf/server.xml file, where $CATALINA_BASE represents the base directory for the Tomcat instance. An example <Connector> element for an SSL connector is included in the default server.xml file installed with Tomcat. To configure an SSL connector that uses JSSE, you will need to remove the comments and edit it so it looks something like this: <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 --> <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="${user.home}/.keystore" keystorePass="changeit" clientAuth="false" sslProtocol="TLS"/> Following this how-to, I uncommented the org.apache.coyote.http11.Http11NioProtocol connector in {CF_INSTANCE_DIR}\runtime\conf\server.xml and added more attributes, as follows: <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8445" maxThreads="150" scheme="https" secure="true" SSLEnabled="true" keystoreFile="D:/Coldfusion2018/studiemeter.pfx" keystoreType="PKCS12" keystorePass="A1b23C456" clientAuth="false" sslProtocol="TLS" /> This works as expected, enabling secure HTTP access. Nevertheless, when I restart the ColdFusion instance, I get the following WARNING in coldfusion-error.log: Mar 12, 2019 11:16:17 AM org.apache.catalina.startup.SetAllPropertiesRule begin WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'protocol' to 'org.apache.coyote.http11.Http11NioProtocol' did not find a matching property. As you can see, this is similar to the issue I reported in https://tracker.adobe.com/#/view/CF-4203917
Comment by A. B.
30476 | March 12, 2019 10:41:03 AM GMT