tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 50744] New: When Tomcat was updated from version 5.5.27 to 5.5.32, SSL support for Tomcat does not work.
Date Wed, 09 Feb 2011 14:56:43 GMT

           Summary: When Tomcat was updated from version 5.5.27 to 5.5.32,
                    SSL support for Tomcat does not work.
           Product: Tomcat 5
           Version: 5.5.32
          Platform: Other
        OS/Version: AIX
            Status: NEW
          Severity: major
          Priority: P2
         Component: Servlet & JSP API

In response to CVE-2011-0013 ( and also to resolve other security issues) we
decided to update Tomcat from Verion 5.5.27  to 5.5.32

The process to enable SSL for Tomcat documented at URL was followed for setting
up the SSL at Version 5.5.27.


The following command was used to generate the Certificate Keystore

$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA \
  -keystore /home/tomcat/.keystore

(However we used our customized password rather than  the deafult one changeit)


The following entry was added to server.xml :

    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true" SSLEnabled="true"
               clientAuth="false" sslProtocol="SSL"
               keystorePass="<Known Password>" algorithm="IbmX509" />

This process has worked correctly for serving Tomcat without SSL on port 8080
and  with SSL  on port 8443

Similar process was used to setup SSL for Tomcat 5.5.32. However Tomcat starts
with some errors serving Tomcat on non-SSL  port 8080 correctly and the SSL
port on 8443 does not work. (Catalina logs have some errors and I have attached
the log to this BUG report).

What changed between version 5.5.27 and 5.5.32  that resulted in this failure?

Thank you for your help and support in this matter.

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message