SSL Communication failing in tomcat 10 in FIPS mode

Question

tomcat version 10.1.19 Connector Config

port = 8443
protocol="org.apache.coyote.http11.Http11NioProtocol"
defaultSSLHostConfigName="defaultConfig"

Symptom: curl waits for about 20 seconds after the step "TLSv1.2 (IN), TLS handshake, Server key exchange (12):" --tls-max 1.2 argument was passed to curl

*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/infaca/ca-bundle.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS handshake, CERT verify (15):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:8443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:8443

Tomcat access log shows 10.29.5.112 - - 2024-10-02 00:05:31.204 null -1 "-" 400 - 0 - 10.29.5.22 - "-" "-" null

where response code is 400, protocol is null, port is -1, http request line is "-", http reponse size is "-" and time taken is 0, last null value is tomcat worker thread name

In SSLHostConfig, tried limiting ciphers to fips compliant and restricted protocol to tls 1.2, but did not make any difference

<SSLHostConfig
          hostName="defaultConfig"
          certificateVerification="required"
          ciphers="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
          protocols="TLSv1.2"
          sessionCacheSize="10000"
          sessionTimeout="3630"
    >

Tried enabling java ssl debug using -Djavax.net.debug=ssl but it does not print much information.

Tried setting org.apache.catalina.level = FINE in tomcat logging properties, but did not get useful information in catalina logs

class path contains /opt/java/zulu17.50.20-sa-jdk17.0.11-linux_x64-fips-bc/fips_libs and command line includes -Dorg.bouncycastle.fips.approved_only=true

Update: 20s timeout is corresponding to connectionTimeout set on https connector.

gnutls-util shows that SSL handshake was completed

[2024-10-04 00:01:45] - Description: (TLS1.3-X.509)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
[2024-10-04 00:01:45] - Options:
[2024-10-04 00:01:45] - Handshake was completed

Update 2: gnutls-cli is working after providing HTTP request line via stdin. Tried using equivalent cipher with curl, but curl still fails after 20s

curl -vk https://localhost:12345/XXX/mgmtapi/version --ciphers 'ECDHE-RSA-AES256-GCM-SHA384'

Update 3: There is a 20s gap between certificate request and its completion By that time, tomcat connection timeout is reached and it closes the connection Note: This tcp dump was decrypted using SSLKEYLOGFILE env variable method

Update 4: TCP dump from wget. Request is done in ~30ms This tcp dump is encrypted

Update 5: strace in tomcat shows the delay of 5s (connection timeout reduced to 5s from 20s)

# grep '(15, ' strace_log_.2631*
strace_log_.2631293:21:30:00.659611 read(15, "\26\3\1\0\313\1\0\0\307\3\3i\n\364\234\234u\6B\3211\24\366\202\30_,\334a\356\235f"..., 16921) = 208 <0.000044>
strace_log_.2631293:21:30:00.671155 read(15, 0x7faff802b1e0, 18505) = -1 EAGAIN (Resource temporarily unavailable) <0.000019>
strace_log_.2631293:21:30:00.673816 write(15, "\26\3\3\0]\2\0\0Y\3\3~KL\352\315*\207L\310\357\256\204qv\311\334\364ag\213\224"..., 17408) = 17408 <0.000088>
strace_log_.2631293:21:30:00.673963 read(15, 0x7faff8029be0, 18713) = -1 EAGAIN (Resource temporarily unavailable) <0.000084>
strace_log_.2631294:21:30:05.762746 write(15, "Universal Root Certification Aut"..., 1915) = 1915 <0.004974>
strace_log_.2631294:21:30:05.768307 getsockopt(15, SOL_SOCKET, SO_LINGER, {l_onoff=0, l_linger=0}, [8]) = 0 <0.000070>
strace_log_.2631294:21:30:05.768970 shutdown(15, SHUT_WR)   = 0 <0.000650>
strace_log_.2631296:21:30:00.641739 fcntl(15, F_GETFL)      = 0x2 (flags O_RDWR) <0.000023>
strace_log_.2631296:21:30:00.641834 getsockname(15, {sa_family=AF_INET6, sin6_port=htons(8443), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::ffff:127.0.0.1", &sin6_addr), sin6_scope_id=0}, [28]) = 0 <0.000028>
strace_log_.2631296:21:30:00.641931 getsockname(15, {sa_family=AF_INET6, sin6_port=htons(8443), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::ffff:127.0.0.1", &sin6_addr), sin6_scope_id=0}, [28]) = 0 <0.000023>
strace_log_.2631296:21:30:00.657494 fcntl(15, F_GETFL)      = 0x2 (flags O_RDWR) <0.000020>
strace_log_.2631296:21:30:00.657543 fcntl(15, F_SETFL, O_RDWR|O_NONBLOCK) = 0 <0.000016>
strace_log_.2631296:21:30:00.657643 setsockopt(15, SOL_SOCKET, SO_RCVBUF, [32768], 4) = 0 <0.000020>
strace_log_.2631296:21:30:00.657712 setsockopt(15, SOL_SOCKET, SO_LINGER, {l_onoff=0, l_linger=0}, 8) = 0 <0.000017>
strace_log_.2631296:21:30:00.657765 setsockopt(15, SOL_TCP, TCP_NODELAY, [1], 4) = 0 <0.000017>

Looks like fragmentation of CA Cert has something to do with it

Update 6 It worked after reducing file size of truststore.jks by 22k Original size was 166k, new size 144k