tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Apache HTTPD (with SSL) + mod_jk + TomEE (Tomcat) nullify the ssl session id
Date Mon, 13 Jul 2015 13:19:07 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Konstantin,

On 7/9/15 6:30 AM, Konstantin Kolinko wrote:
> Please do not top-post, Rules: 
> http://tomcat.apache.org/lists.html#tomcat-users -> "6."
> 
> 2015-07-09 13:07 GMT+03:00 Alex Soto <asotobu@gmail.com>:
>> yes (LogFormat "%H %{SSL_SESSION_ID}e %h %l %u %t \"%r\" %>s
>> %b") note that in both cases %H is the same value. I think it is
>> correct.
> 
> Agreed. HTTP/1.1 is correct here. It is what is written on the
> first line of an HTTP request.
> 
>> Have a look here :
>> http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#formats 
>> and in particular at %{FOOBAR}e     The contents of the
>> environment variable FOOBAR
>> 
>> You can also log the request protocol : %H      The request
>> protocol
> 
> OP is using HTTPD 2.4, so documentation link is s/2.2/2.4/, 
> http://httpd.apache.org/docs/2.4/mod/mod_log_config.html#formats
> 
> You may look at mod_ssl docs, 
> http://httpd.apache.org/docs/2.4/mod/mod_ssl.html
> 
> There are a number of interesting environment variables that may
> be logged (HTTPS, SSL_PROTOCOL, SSL_SESSION_RESUMED).
> 
> Description of  "SSLSessionCache" directive in mod_ssl mentions
> some null values, but as you have configured "shmcb" cache
> implementation that apparently should not happen.

If the shared-memory configuration isn't working, weird things like
this may happen. I had a similar problem with mod_jk's shared memory
configuration pointing to an incorrect-path on the disk, and so shm
didn't initialize properly.

A small "FYI: shared memory isn't working" message was printed at
startup but otherwise everything else was working as expected... until
I noticed that mod_jk's worker statuses were jumping-around from
ACTIVE to DISABLED and back without me changing them.

The problem was non-working shared memory.

Alex, you may want to ensure that your shmcb isn't failing to
initialize properly. It might explain the issues you are seeing.

> I think that you'll get more answers on mod_ssl behaviour if you
> ask on an Apache HTTPD mailing list.

+1

And please come back and let us know what you find out.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVo7rLAAoJEBzwKT+lPKRYoKYQAMtjxkZb4VMb9fzYUC9wrec6
jQBsdSFNxZBKnn+nHiUFy3pJnkLQ4jrw6xv8eMUX7RRLc9mv8mt6bFEj0tprcmI5
VVeprN89aNQSye5wWQds5Cl9Rum3rEjyslbHhPZvB6+/FVESG4Mm/LwvrGdkzjMw
vYZdTyxGBKzEifmtWJuNpMnaGf3nQdkIhugRYbMNpWpCTdSAZjxoHOSZ1qcj6Bh7
FGmDvxDs8zqFJmovE17VUa9ywYI5VORNqiIRdDaY0d9O5M6+5hZ2UM/RJR5jo8UF
XtQjbbDLqhLjeuYadvfte/4V5HC1S79ROkOTDJB/J2Hr0IYqF382Kud7xFkXRdap
CTaobG+ZFGk8ehwwFMzaRLvGh3EFXiGSg4/0Kd52WP9Mmmv44IZrgR5Nsnz7I2s8
NKilbPEqnTXw/sQvm+DyEcfsY5ePba1nl1KS5MLB3QsTdX8A349VxoFFTgMvwq7l
aW0gmcLA52ILe2Hg7dXatbX883r3tObzDn3+WtGOZ+35QfualHzlP0nUrfnI4EnX
x/h4e4hSPtRhkrG8e6uaWEE3JDMfpPb4+0+vFgix7+qlgBHaST+lJKVhItMxeAUu
YnA4VXImtGCqWSyzN/D08RRw88oUazckOOiG+Cj57n8ltvg9C0uFXAP++VEkV6Oy
kLGxOFet9mCGZLaWnPyn
=vo5X
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message