tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Campbell <joh...@us.ibm.com>
Subject SSL with IBM SDK and IBM JSSE
Date Thu, 13 Feb 2003 17:43:18 GMT




I am using Tomcat 4.1.18 with IBM SDK 1.4.0.  When I have the SSL connector
enabled in server.xml, I can't start Tomcat.  I get the following error:

     java.lang.NoClassDefFoundError: com/sun/net/ssl/internal/ssl/Provider

In the server.xml I am using the following for the SSL connector:

     <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8443" minProcessors="5" maxProcessors="75"
               enableLookups="true"
             acceptCount="100" debug="0" scheme="https" secure="true"
               useURIValidationHack="false" disableUploadTimeout="true">
      <Factory
className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               clientAuth="false" protocol="TLS"
keystoreFile="conf\keystore"
               keystorePass="xxxxxxxx"/>

I have replaced the actual keystore password with xxxxxxxx above.  Since
the IBM SDK 1.4.0 uses the IBM JSSE the following is in my java.security
file:

      security.provider.1=com.ibm.jsse.IBMJSSEProvider
      security.provider.2=com.ibm.crypto.provider.IBMJCE
     security.provider.3=com.ibm.security.jgss.IBMJGSSProvider
     security.provider.4=com.ibm.security.cert.IBMCertPath

I have found that the SSL connector works fine when using the IBM SDK 1.3.1
with the Sun JSSE 1.0.3.  In this case my java.security file contains:

      security.provider.1=sun.security.provider.Sun
      security.provider.2=com.sun.net.ssl.internal.ssl.Provider

Does anyone know if there is a way to configure Tomcat to use the IBM SDK
with the IBM JSSE for the SSL connector.  I have also tried this with
Tomcat 4.0.4 with the same results.  I looked at the source for Tomcat
4.0.6 and found the following in SSLServerSocketFactory.java that makes me
think that Tomcat can only work with the Sun JSSE:

      /**
     * The name of our protocol handler package for the "https:" protocol.
     */
    private static final String PROTOCOL_HANDLER =
        "com.sun.net.ssl.internal.www.protocol";


    /**
     * The name of the system property containing a "|" delimited list of
     * protocol handler packages.
     */
    private static final String PROTOCOL_PACKAGES =
        "java.protocol.handler.pkgs";

    /**
     * The configured socket factory.
     */
    private javax.net.ssl.SSLServerSocketFactory sslProxy = null;

I really would like to find a way to use the IBM JSSE if possible.  Any
help would be greatly appreciated.

John A. Campbell
IBM Sales and Distribution
zSeries Advanced Technical Support
800 N. Frederick Ave.
Gaithersburg, MD 20879
301-240-3783  T/L 372-3783
johnca@us.ibm.com


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message