I have been trying to open a wss connection through a http proxy, and I always got the following exception: ... Caused by: javax.websocket.DeploymentException: The HTTP request to initiate the WebSocket connection failed ... Caused by: java.io.EOFException: null ... Looking at network traffic shows that the proxy connect request is sent, proxy connection is established and then a plain GET request is sent instead of the SSL handshake. Debugging in the WsWebSocketContainer::connectToServer() shows that there is a secure flag, to indicate whether an SSL connection is needed, but it never gets true when the connection is through a proxy. http://svn.apache.org/repos/asf/tomcat/trunk/java/org/apache/tomcat/websocket/WsWebSocketContainer.java public Session connectToServer(Endpoint endpoint, ClientEndpointConfig clientEndpointConfiguration, URI path) throws DeploymentException ... boolean secure = false ... if (sa == null) { if (port == -1) { if ("ws".equalsIgnoreCase(scheme)) { sa = new InetSocketAddress(host, 80); } else { // Must be wss due to scheme validation above sa = new InetSocketAddress(host, 443); secure = true; } } else { if ("wss".equalsIgnoreCase(scheme)) { secure = true; } sa = new InetSocketAddress(host, port); } } else { proxyConnect = createProxyRequest(host, port); } ...
Sounds like your (reverse?) proxy is switching from HTTPS top HTTP internally. Bugzilla is not a support forum. Please post a message to the users list with questions, and only reopen this issue if there is a bug discovered in Tomcat.
The original report looks valid. secure is never set when using a proxy
Thanks for the report. This has been fixed in 9.0.x for 9.0.0.M4 onwards, 8.0.x for 8.0.33 onwards and 7.0.x for 7.0.69 onwards.