Tomcat SSL - IllegalStateException: SSL session ID not available

Question

I am working on project - Tomcat 9, JSF 2.2, Spring Security 4.1

When I try to secure connection with HTTPS SSL and when i accessed page I got an error but HTTPS is working well. Only this error makes me crazy.

02-Jul-2016 16:02:04.664 WARNING [https-openssl-nio-443-exec-1] org.apache.coyote.http11.Http11Processor.action Exception getting SSL attributes
java.lang.IllegalStateException: SSL session ID not available
 at org.apache.tomcat.util.net.openssl.OpenSSLEngine$OpenSSLSession.getId(OpenSSLEngine.java:1048)
 at org.apache.tomcat.util.net.jsse.JSSESupport.getSessionId(JSSESupport.java:156)
 at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:806)
 at org.apache.coyote.Request.action(Request.java:392)
 at org.apache.catalina.connector.Request.getAttribute(Request.java:903)
 at org.apache.catalina.connector.Request.getAttributeNames(Request.java:985)
 at com.sun.faces.application.WebappLifecycleListener.requestDestroyed(WebappLifecycleListener.java:114)
 at com.sun.faces.config.ConfigureListener.requestDestroyed(ConfigureListener.java:383)
 at org.apache.catalina.core.StandardContext.fireRequestDestroyEvent(StandardContext.java:5953)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:182)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
 at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
 at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:1110)
 at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
 at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:785)
 at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1419)
 at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:44)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
 at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
 at java.lang.Thread.run(Thread.java:745)

The strange thing is that my team mate isn´t getting this error and he has the same code, server and server settings.

Tomcat HTTPS settings:

    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
      SSLEnabled="true"
      maxThreads="150"
      scheme="https" secure="true"          
      clientAuth="false" sslProtocol="TLSv1.2"
      keystoreFile="C:\apache-tomcat-9.0.0.M8\conf\keystore"
      keystorePass="changeit" 
      keyAlias="tomcat" 
      keyPass="????" />

Sorry for my English.

Answer 1

I suspect that your team mate has not got the Tomcat Native library installed.

This is a side-effect of enabling TLS session tickets. If you set disableSessionTickets="true" on your SSLHostConfig you'll see the TLS session IDs and the error will go away.

That you see the exception when session tickets are enabled looks to be a bug in Tomcat's JSSE with OpenSSL code. I've opened a bug for Tomcat Native:

https://bz.apache.org/bugzilla/show_bug.cgi?id=59811

You can follow progress via the bug.