We're running Java towards a remote web service hosted by a supplier with a couple of middlemen involved. Our Java code (hosted on an IBM WebSphere Application Server) is straightforward, something like so:
URLConnection connection = url.openConnection();
...
connection.getOutputStream().write(...);
The machines are load balanced by a Cisco ACE load balancer and the network has two BlueCoat proxies on the way to the remote web service.
Most of the time it works fine, but (on average) once per day the supplier web service receives an HTTP CONNECT instead of the expected HTTP POST. This is a sample from the access log of an incorrect HTTP CONNECT and below it a typical and correct HTTP POST:
Mar 3 05:15:07 lon-vm-lb01/lon-vm-lb01 logger[28882]: aaa.bbb.ccc.ddd - - [03/Mar/2014:05:15:04 +0000] host.com "CONNECT host.com:443 HTTP/1.1" 403 13 "-" "Java/1.7.0" "-" 810 358 331
Mar 3 05:26:05 lon-vm-lb01/lon-vm-lb01 logger[28882]: aaa.bbb.ccc.ddd - - [03/Mar/2014:05:26:03 +0000] host.com "POST /url/path HTTP/1.1" 200 1842 "-" "Java/1.7.0" "-" 875645 1229 2114
We suspect the proxies or perhaps the load balancer, anybody have experience with seeing this on either the Cisco ACE or the BlueCoat? Or could this actually be a problem on our end where the connection suddenly tries to create a tunnel? Is that even supported by Java SE or whatever might be running on the WAS?
Signature Frantisek sent me an e-mail with the probable cause of this error, a JRE bug, thanks! To sum up, the cause seems to be reuse of HTTPS connections.
(Now only remains to get IBM to fix WebSphere and then our SP to update their bloatware.)