tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 50744] New: When Tomcat was updated from version 5.5.27 to 5.5.32, SSL support for Tomcat does not work.
Date Wed, 09 Feb 2011 14:56:43 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=50744

           Summary: When Tomcat was updated from version 5.5.27 to 5.5.32,
                    SSL support for Tomcat does not work.
           Product: Tomcat 5
           Version: 5.5.32
          Platform: Other
        OS/Version: AIX
            Status: NEW
          Severity: major
          Priority: P2
         Component: Servlet & JSP API
        AssignedTo: dev@tomcat.apache.org
        ReportedBy: murthys@us.ibm.com


_1_)
In response to CVE-2011-0013 ( and also to resolve other security issues) we
decided to update Tomcat from Verion 5.5.27  to 5.5.32

_2_)
The process to enable SSL for Tomcat documented at URL
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html was followed for setting
up the SSL at Version 5.5.27.

_2_a_)

The following command was used to generate the Certificate Keystore

$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA \
  -keystore /home/tomcat/.keystore

(However we used our customized password rather than  the deafult one changeit)

_2_b_)

The following entry was added to server.xml :

    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true" SSLEnabled="true"
               clientAuth="false" sslProtocol="SSL"
               keystoreFile="/home/tomcat/.keystore"
               keystorePass="<Known Password>" algorithm="IbmX509" />

_2_c_)
This process has worked correctly for serving Tomcat without SSL on port 8080
and  with SSL  on port 8443

_3_)
Similar process was used to setup SSL for Tomcat 5.5.32. However Tomcat starts
with some errors serving Tomcat on non-SSL  port 8080 correctly and the SSL
port on 8443 does not work. (Catalina logs have some errors and I have attached
the log to this BUG report).

_4_)
What changed between version 5.5.27 and 5.5.32  that resulted in this failure?

Thank you for your help and support in this matter.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message