tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Apache HTTPD (with SSL) + mod_jk + TomEE (Tomcat) nullify the ssl session id
Date Tue, 07 Jul 2015 17:16:44 GMT
Alex Soto wrote:
> Thank you so much but it is already set.
> https://github.com/lordofthejars/apache-tomee-ssl/blob/master/httpd.conf#L171
> This is so strange.

But there is also this phrase : "In order to make SSL data available for mod_jk in Apache,

you need to set SSLOptions +StdEnvVars."

Honestly, I have never tried this, and I am not an SSL specialist at all, and the phrase 
above is a bit ambiguous.  But it seems worth a try, and I do not see it in your 
configuration.

> 
> El dt., 7 jul. 2015 a les 12:25, André Warnier (<aw@ice-sa.com>) va
> escriure:
> 
>> Mark Thomas wrote:
>>> On 07/07/2015 09:28, Alex Soto wrote:
>>>> Hi Mark, SSL Session ID is not passed to Tomcat. You can see the logs
>> here
>>>> https://gist.github.com/lordofthejars/226d8ed605f2a58b52f3 (I have
>> created
>>>> a gist to not add here a lot of lines).
>>>>
>>>> Now the question is is it happens because of mod_jk or because of
>> Apache?
>>>> Alex.
>>> OK. You've reached the limits of my conform zone. You need someone more
>>> familiar with the httpd side of things at this point. Rainer?
>>>
>>> Mark
>> Not Rainer, but maybe this helps :
>> http://tomcat.apache.org/connectors-doc/reference/apache.html
>> Look for "JkExtractSSL".
>>
>>
>>>> El dl., 6 jul. 2015 a les 12:48, Mark Thomas (<markt@apache.org>) va
>>>> escriure:
>>>>
>>>>> On 06/07/2015 10:48, Alex Soto wrote:
>>>>>> Hello I have seen a strange behaviour in Apache HTTPD (2.4)  and
TomEE
>>>>> (in
>>>>>> fact it is a Tomcat (7.0.61) so it is exactly the same for Tomcat)
>> when I
>>>>>> configure Apache server with SSL and mod_jk.
>>>>>> In fact I am not sure where it is the problem if in mod_jk, in Apache
>>>>>> Server or in Tomcat, but I suspect that maybe the problem is on mod_jk
>>>>>> configuration.
>>>>>>
>>>>>> I am configuring the typical Apache as frontend and TomEE(Tomcat)
as
>>>>>> backend solution. Currently Apache is configured with SSL and with
>> mod_jk
>>>>>> it connects to TomEE using AJP. This works perfectly. The problem
is
>> that
>>>>>> inside my code I need to get the ssl session id:
>>>>>>
>>>>>> String ssl =
>>>>>>
>> (String)servletRequest.getAttribute("javax.servlet.request.ssl_session_id");
>>>>>> I don't know why but sometimes this attribute is null and sometimes
>> not.
>>>>> It
>>>>>> may return a null at first then stay like 10 requests working and
then
>>>>> stop
>>>>>> working again during some requests and the get attribute returns
null.
>>>>>>
>>>>>> It seems that everything is configured correctly since sometimes
>> works.
>>>>>> Have you ever found something similar or knows what it can be
>> happening?
>>>>> Do
>>>>>> you think that maybe the problem is on client (browser) side?
>>>>>>
>>>>>> Everything is dockerized here:
>>>>>> https://github.com/lordofthejars/apache-tomee-ssl so you can review
>>>>>> configuration files of tomcat and apache or even run it.
>>>>>>
>>>>>> Thank you so much for your support.
>>>>> Try turning on debug logging for mod_jk. It will generate lots of data
>>>>> so just do it long enough to see the problem. When you look at the logs
>>>>> you should be able to see if the SSL Session ID is being passed to
>>>>> Tomcat or not.
>>>>>
>>>>> Mark
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>>
>>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message