tomcat-users mailing list archives

From Chirag Dewan <chirag.dewa...@yahoo.in>
Subject Re: Issue while using SSL with Embedded Tomcat 6.0.37
Date Wed, 09 Oct 2013 13:59:00 GMT
Hi,

I have a wrapper connector class:

    public HTTPConnector(int port, String keystoreFile, String password, int maxKeepAliveRequests,
            int maxThreads, int connectionTimeout, Logger logger)
            throws Exception
    {
        myLogger = logger;
        this.keyStoreFile = keystoreFile;
        this.keyStorePassword = password;

        if( maxKeepAliveRequests != 0 && maxKeepAliveRequests >= -1 )
        {
            IntrospectionUtils.setProperty( this, "maxKeepAliveRequests", String.valueOf( maxKeepAliveRequests ) );
        }

        if( maxThreads > 0 )
        {
            IntrospectionUtils.setProperty( this, "maxThreads", String.valueOf( maxThreads ) );
        }

        InetAddress address = null;
        try
        {
            if( keystoreFile != null )
            {
                String cipherSet = System.getProperty("https.cipher.set");

                setSecure( true );

                if( myLogger.isLoggable( Level.FINER ) ) myLogger.finer( "EmbeddedTomcat using HTTPS and cipher sets " + cipherSet );
                setScheme( "https" );

                try
                {
                    // Added TLS since there is a bug in Tomcat 5.5.9. No default protocol is set.
                    IntrospectionUtils.setProperty( this, "sslProtocol", "TLS" );
                    IntrospectionUtils.setProperty( this, "keystore", keyStoreFile );
                    IntrospectionUtils.setProperty( this, "keypass", keyStorePassword );
                    IntrospectionUtils.setProperty( this, "SSLEnabled", "true" );
                    if(cipherSet != null && !cipherSet.equalsIgnoreCase("")){

                        IntrospectionUtils.setProperty( this, "ciphers", cipherSet );

                    }
                }
                catch( Exception exception )
                {
                    myLogger.severe( "Could not load SSL server socket factory." );
                    throw new Exception( "Could not load SSL server socket factory." );
                }
            }
            else
            {
                setSecure( false );
            }

            address = InetAddress.getLocalHost();
            if( address != null )
            {
                IntrospectionUtils.setProperty( this, "address", "" + address );
            }
            IntrospectionUtils.setProperty( this, "port", "" + port );
            IntrospectionUtils.setProperty( this, "connectionTimeout", String.valueOf((connectionTimeout * 1000)) );
        }
        catch( Exception exception )
        {
            myLogger.severe( "Exception occurred while making HTTP Connector. " );
            throw new Exception( "Exception occurred while making HTTP Connector. " );
        }

        try
        {
            setEnableLookups( false );
        }
        catch( Exception exception )
        {
            myLogger.severe( "Exception occurred while enabling lookups. " );
            throw new Exception( "Exception occurred while enabling lookups. " );
        }
    }

and I attach it to the container by:

    Embedded embedded = new Embedded();

    embedded.addConnector( connector );
    connector.start();

and I call embedded.start(); during initialization, so I have the Tomcat running.

Chris, "cipherSet" is a configurable parameter. I am usually using TLS_DHE_RSA_WITH_AES_128_CBC_SHA
for testing purposes.

Thanks!

Chirag




On Wednesday, 9 October 2013 7:17 PM, Christopher Schultz <chris@christopherschultz.net>
wrote:
 

Chirag,

On 10/9/13 8:39 AM, Chirag Dewan wrote:
> The first request after the Server is started gets rejected.

Interesting.

> I am setting my connector as follows:
> 
> IntrospectionUtils.setProperty( this, "sslProtocol", "TLS" );
> IntrospectionUtils.setProperty( this, "keystore", keyStoreFile );
> IntrospectionUtils.setProperty( this, "keypass", keyStorePassword );
> IntrospectionUtils.setProperty( this, "SSLEnabled", "true" );
> IntrospectionUtils.setProperty( this, "ciphers", cipherSet );
>
> This is my connector configuration. I am now setting cipher, as you
> can see. And it is selecting the specified cipher, so that way I
> can limit the cipher sets to be selected by Server.

What is the value of "cipherSet"?

Perhaps you could share some /more/ code... the above for instance
doesn't show how you initialize the connector, attach it to the
container, etc.

-chris
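
A pre-flight check for the configurable cipher list discussed in this message, as an added example that is not part of the original post or of Tomcat: it splits the https.cipher.set value, flags anonymous, NULL, export, RC4 and DES/3DES suites, and reports names the running JVM's default JSSE provider does not support. The class and method names are hypothetical.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;

// Added example; CipherSetCheck and its methods are hypothetical names.
public class CipherSetCheck {

    // Split the comma-separated value as it would be passed to the "ciphers" property.
    static List<String> parse(String cipherSet) {
        List<String> names = new ArrayList<String>();
        if (cipherSet == null) return names;
        for (String part : cipherSet.split(",")) {
            if (!part.trim().isEmpty()) names.add(part.trim());
        }
        return names;
    }

    // Requested suites that the JVM's default JSSE provider does not implement.
    static List<String> unsupported(List<String> requested) throws Exception {
        Set<String> supported = new HashSet<String>(Arrays.asList(
                SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites()));
        List<String> missing = new ArrayList<String>();
        for (String name : requested) {
            if (!supported.contains(name)) missing.add(name);
        }
        return missing;
    }

    // Suites with no authentication, no encryption, export-grade keys, RC4 or DES/3DES.
    static boolean isWeak(String name) {
        return name.contains("_anon_") || name.contains("_NULL_") || name.contains("_EXPORT_")
                || name.contains("_RC4_") || name.contains("_DES_") || name.contains("_3DES_");
    }

    public static void main(String[] args) throws Exception {
        // Same system property the post reads; the fallback is the suite named in the post.
        List<String> requested = parse(System.getProperty("https.cipher.set",
                "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"));
        if (requested.isEmpty()) System.out.println("No cipher restriction configured");
        for (String name : requested) {
            if (isWeak(name)) System.out.println("WEAK: " + name);
        }
        for (String name : unsupported(requested)) {
            System.out.println("NOT SUPPORTED by this JVM: " + name);
        }
    }
}
```

Run it with the same -Dhttps.cipher.set=... value and the same JVM that hosts the embedded server, since the supported suite list depends on the JRE and its installed providers.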