
Can't connect to HTTPS Nginx reverse proxy serving a Meteor app  #380

@acib708

Description

I'm trying to connect to my Meteor backend. When connecting via https, I sometimes get this BufferOverflowException:

Exception in thread "Thread-7" java.nio.BufferOverflowException
      at java.nio.DirectByteBuffer.put(DirectByteBuffer.java:363)
      at java.nio.DirectByteBuffer.put(DirectByteBuffer.java:342)
      at sun.nio.ch.IOUtil.write(IOUtil.java:60)
      at sun.nio.ch.SocketChannelImpl.write(SocketChannelImpl.java:471)
      at org.java_websocket.SSLSocketChannel2.close(SSLSocketChannel2.java:270)
      at org.java_websocket.WebSocketImpl.closeConnection(WebSocketImpl.java:453)
      at org.java_websocket.WebSocketImpl.closeConnection(WebSocketImpl.java:472)
      at org.java_websocket.WebSocketImpl.eot(WebSocketImpl.java:509)
      at org.java_websocket.client.WebSocketClient.interruptableRun(WebSocketClient.java:249)
      at org.java_websocket.client.WebSocketClient.run(WebSocketClient.java:188)
      at java.lang.Thread.run(Thread.java:745)

When the overflow doesn't happen, I can't connect to the server anyway. I get this .CLOSED message:

{msg=closed, reason=, code=-1, remote=true}

I analyzed the handshake with Wireshark and got this: https://drive.google.com/file/d/0B9cfrkkW62eIWHlzY2oyU0k5cDA/view?usp=sharing
I see the client gets the certificate, but then it doesn't respond with the handshake continuation; it sends a Hello again, and therefore the server resets the connection. I believe this is why the overflow happens: when the timing is right, the client tries to read from an empty socket.
But I'm obviously grasping at straws here; any help would be greatly appreciated. I can contribute code if somebody pushes me in the right direction.

This is (the relevant part of) my nginx config, but I really doubt it'll make any difference:

# Load Balancing
upstream upstream {
    server 127.0.0.1:3001;
    keepalive 64;
}

# HTTPS
server {
    listen 443 ssl http2;

    ssl_protocols TLSv1.2;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:2m;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    add_header Public-Key-Pins 'pin-sha256="xxx"; pin-sha256="xxx"; max-age=10';
    ssl_certificate cert.pem;
    ssl_certificate_key key.pem;

    server_name server.com;

    # Proxy Meteor app running locally
    location ^~ / {
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header Upgrade websocket;
        proxy_set_header Connection Upgrade;
        proxy_http_version 1.1;
        proxy_pass http://upstream;
    }
}
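A way to separate the TLS layer from the WebSocket library when chasing a failure like the one above is to run a bare TLS 1.2 handshake against the nginx front end with nothing but javax.net.ssl. The following is an added diagnostic, not code from Java-WebSocket or from the reporter; the host name server.com and port 443 are taken from the posted config and can be overridden on the command line, and the list of Java cipher-suite names is this editor's expansion of the posted ssl_ciphers string for an RSA certificate (check it against `openssl ciphers -v 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'` on the server).

```java
// Added diagnostic: bare TLS 1.2 handshake to the nginx front end, without
// Java-WebSocket, so a trust or cipher problem can be told apart from a
// problem in the library's SSLEngine handling. Host/port are assumptions.
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public class TlsHandshakeCheck {

    // Java names of the suites the posted ssl_ciphers string admits with an
    // RSA certificate (editor's expansion; verify with `openssl ciphers -v`).
    static final List<String> SERVER_SUITES = Arrays.asList(
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA");

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "server.com";     // assumed
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;

        // Default trust store; the server's cert must chain to it.
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null);

        try (SSLSocket sock = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            // Match the server block: only TLS 1.2 is offered.
            sock.setEnabledProtocols(new String[] { "TLSv1.2" });

            // Send SNI so nginx selects the server block and certificate for this name.
            SSLParameters params = sock.getSSLParameters();
            params.setServerNames(Collections.singletonList(new SNIHostName(host)));
            sock.setSSLParameters(params);

            // Which of the server's admitted suites does this JVM actually offer?
            // (AES-256 suites on Java 8 before 8u161 need the unlimited-strength
            // policy files; the AES-128 GCM suites do not.)
            List<String> overlap = new ArrayList<>(SERVER_SUITES);
            overlap.retainAll(Arrays.asList(sock.getEnabledCipherSuites()));
            System.out.println("Suites offered by this JVM that nginx would accept: " + overlap);
            if (overlap.isEmpty()) {
                System.out.println("No common suite: nginx will reject the ClientHello.");
            }

            try {
                sock.startHandshake();
                System.out.println("Handshake OK: " + sock.getSession().getProtocol()
                    + " " + sock.getSession().getCipherSuite());
                System.out.println("Peer: " + sock.getSession().getPeerPrincipal());
            } catch (SSLHandshakeException e) {
                // Untrusted certificate, hostname mismatch and cipher mismatch all
                // surface here, before any WebSocket framing is involved.
                System.out.println("TLS handshake failed: " + e);
            }
        }
    }
}
```

Run it with `java -Djavax.net.debug=ssl:handshake TlsHandshakeCheck server.com 443` to get the JSSE handshake trace alongside the Wireshark capture. If this handshake completes but the Java-WebSocket client still fails, the fault is on the WebSocket side (its SSLEngine/buffer handling); if it fails here too, the trust store or the cipher configuration is the thing to fix first.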
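Independently of the handshake question, the posted location block hard-codes `Upgrade websocket` and `Connection Upgrade`, so nginx sends those headers on every proxied request, including the plain HTTP requests for the Meteor client bundle. The pattern nginx documents for WebSocket proxying derives both headers from the incoming request with a `map`. Below is an added configuration example written by this editor, not the reporter's config; the upstream name `meteor_app` is chosen here, the TLS and server-name lines are copied from the post, and the HSTS/HPKP/stapling lines are omitted because they are unrelated to the proxying behaviour shown.

```nginx
# Added example: Upgrade/Connection derived from the request instead of
# hard-coded, plus a read timeout long enough for idle DDP connections.
map $http_upgrade $connection_upgrade {
    default upgrade;   # request carried "Upgrade: ..." -> pass it through
    ''      close;     # ordinary HTTP request -> no upgrade
}

upstream meteor_app {                 # name is an assumption
    server 127.0.0.1:3001;
    keepalive 64;
}

server {
    listen 443 ssl http2;
    server_name server.com;

    ssl_certificate     cert.pem;
    ssl_certificate_key key.pem;
    ssl_protocols       TLSv1.2;
    ssl_ciphers         'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_prefer_server_ciphers on;

    location / {
        proxy_http_version 1.1;            # required for WebSocket upgrades
        proxy_set_header Host              $http_host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Only requests that actually ask for an upgrade are upgraded.
        proxy_set_header Upgrade           $http_upgrade;
        proxy_set_header Connection        $connection_upgrade;

        # nginx closes a proxied connection after proxy_read_timeout (default
        # 60s) without upstream data; raise it for long-lived WebSockets.
        proxy_read_timeout 3600s;

        proxy_pass http://meteor_app;
    }
}
```

With this map in place, `curl -I https://server.com/` reaches the Meteor HTTP handler without an Upgrade header, while a `wss://server.com/websocket` handshake is forwarded with the client's own `Upgrade`/`Connection` values, which is what the upstream expects.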
