tomcat-users mailing list archives

From Alex Soto <asot...@gmail.com>
Subject Re: Apache HTTPD (with SSL) + mod_jk + TomEE (Tomcat) nullify the ssl session id
Date Thu, 09 Jul 2015 14:14:52 GMT
Hello, yes, I have raised the question to the httpd mailing list. Just to keep
you informed, look what I have discovered. If I run in Chrome or Firefox I
get the next log messages:
HTTP/1.1 - on TLSv1.2 Initial 172.17.42.1 - - [09/Jul/2015:13:57:18 +0000]
"GET /hello/hello HTTP/1.1" 200 89
HTTP/1.1 - on TLSv1.2 Initial 172.17.42.1 - - [09/Jul/2015:13:57:19 +0000]
"GET /hello/hello HTTP/1.1" 200 89
HTTP/1.1 - on TLSv1.2 Initial 172.17.42.1 - - [09/Jul/2015:13:57:21 +0000]
"GET /hello/hello HTTP/1.1" 200 89
HTTP/1.1 - on TLSv1.2 Initial 172.17.42.1 - - [09/Jul/2015:13:57:22 +0000]
"GET /hello/hello HTTP/1.1" 200 89
HTTP/1.1 - on TLSv1.2 Initial 172.17.42.1 - - [09/Jul/2015:13:57:23 +0000]
"GET /hello/hello HTTP/1.1" 200 89
HTTP/1.1 40007d1aa0ddea6c05fafc5ea26da0d239e8f5b11993db732da74b67ae5479ca
on TLSv1.2 Resumed 172.17.42.1 - - [09/Jul/2015:13:57:29 +0000] "GET
/hello/hello HTTP/1.1" 200 209

So it is always an initial communication until at some point it starts to
resume one.

But look what's happening if I use curl:
HTTP/1.1 d9c1532b4b38dd83fafbd3c7435653229f94e7e13fa7802fc6e0d91d7d748c4a
on TLSv1.2 Initial 172.17.42.1 - - [09/Jul/2015:13:58:37 +0000] "GET
/hello/hello HTTP/1.1" 200 209

It is the same; I don't stop the server or anything else.

Don't know if this gives you some information or not.

Thank you so much.



On Thu, 9 Jul 2015 at 13:30, Konstantin Kolinko (<knst.kolinko@gmail.com>)
wrote:

> Please do not top-post, Rules:
> http://tomcat.apache.org/lists.html#tomcat-users
> -> "6."
>
> 2015-07-09 13:07 GMT+03:00 Alex Soto <asotobu@gmail.com>:
> > yes (LogFormat "%H %{SSL_SESSION_ID}e %h %l %u %t \"%r\" %>s %b")
> > note that in both cases %H is the same value. I think it is correct.
>
> Agreed. HTTP/1.1 is correct here.
>  It is what is written on the first line of an HTTP request.
>
> > Have a look here :
> http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#formats
> > and in particular at
> >  %{FOOBAR}e     The contents of the environment variable FOOBAR
> >
> > You can also log the request protocol :
> > %H      The request protocol
>
> OP is using HTTPD 2.4, so documentation link is s/2.2/2.4/,
> http://httpd.apache.org/docs/2.4/mod/mod_log_config.html#formats
>
> You may look at mod_ssl docs,
> http://httpd.apache.org/docs/2.4/mod/mod_ssl.html
>
> There are a number of interesting environment variables that may be
> logged (HTTPS, SSL_PROTOCOL, SSL_SESSION_RESUMED).
>
> Description of  "SSLSessionCache" directive in mod_ssl mentions some
> null values, but as you have configured "shmcb" cache implementation
> that apparently should not happen.
>
>
> I think that you'll get more answers on mod_ssl behaviour if you ask
> on an Apache HTTPD mailing list.
>
> Best regards,
> Konstantin Kolinko
>
>
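
As an added example (not part of the original message and not code from any Apache project), this Python script parses access-log lines of the shape shown in the message and lists the HTTPS requests that were logged without an SSL session ID. The three fields after the session ID are assumed to be %{HTTPS}e, %{SSL_PROTOCOL}e and %{SSL_SESSION_RESUMED}e, because the logged lines carry more fields than the LogFormat quoted in the thread; the function names are hypothetical.

```python
import re
from collections import Counter

# Assumed LogFormat, inferred from the logged lines (an assumption, see lead-in):
# "%H %{SSL_SESSION_ID}e %{HTTPS}e %{SSL_PROTOCOL}e %{SSL_SESSION_RESUMED}e %h %l %u %t \"%r\" %>s %b"
LINE_RE = re.compile(
    r'^(?P<proto>\S+) (?P<sid>\S+) (?P<https>\S+) (?P<tls>\S+) '
    r'(?P<state>Initial|Resumed) (?P<host>\S+) \S+ \S+ '
    r'\[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)$'
)

# Lines taken from the message above, with the mail client's wrapping undone.
TAIL = ' 172.17.42.1 - - [09/Jul/2015:%s +0000] "GET /hello/hello HTTP/1.1" 200 %s'
SAMPLE = [
    "HTTP/1.1 - on TLSv1.2 Initial" + TAIL % ("13:57:18", "89"),
    "HTTP/1.1 - on TLSv1.2 Initial" + TAIL % ("13:57:19", "89"),
    "HTTP/1.1 40007d1aa0ddea6c05fafc5ea26da0d239e8f5b11993db732da74b67ae5479ca"
    " on TLSv1.2 Resumed" + TAIL % ("13:57:29", "209"),
    "HTTP/1.1 d9c1532b4b38dd83fafbd3c7435653229f94e7e13fa7802fc6e0d91d7d748c4a"
    " on TLSv1.2 Initial" + TAIL % ("13:58:37", "209"),
]

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # mod_log_config writes "-" when the environment variable is not set.
    rec["sid"] = None if rec["sid"] == "-" else rec["sid"]
    return rec

def tally(lines):
    """Count requests by (handshake state, session ID present)."""
    counts = Counter()
    for rec in filter(None, map(parse_line, lines)):
        counts[(rec["state"], rec["sid"] is not None)] += 1
    return counts

def missing_session_id(lines):
    """List (timestamp, handshake state) for HTTPS requests with no session ID."""
    return [(rec["time"], rec["state"])
            for rec in filter(None, map(parse_line, lines))
            if rec["https"] == "on" and rec["sid"] is None]

if __name__ == "__main__":
    for key, n in sorted(tally(SAMPLE).items()):
        print(key, n)
    print(missing_session_id(SAMPLE))
```
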
