tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Soto <asot...@gmail.com>
Subject Re: Apache HTTPD (with SSL) + mod_jk + TomEE (Tomcat) nullify the ssl session id
Date Tue, 07 Jul 2015 17:21:11 GMT
yes it is set at httpd-ssl.config
https://github.com/lordofthejars/apache-tomee-ssl/blob/master/httpd-ssl.conf#L229
which I think that is where it should be set.
Everything too strange, but thanks anyway.

El dt., 7 jul. 2015 a les 19:17, André Warnier (<aw@ice-sa.com>) va
escriure:

> Alex Soto wrote:
> > Thank you so much but it is already set.
> >
> https://github.com/lordofthejars/apache-tomee-ssl/blob/master/httpd.conf#L171
> > This is so strange.
>
> But there is also this phrase : "In order to make SSL data available for
> mod_jk in Apache,
> you need to set SSLOptions +StdEnvVars."
>
> Honestly, I have never tried this, and I am not an SSL specialist at all,
> and the phrase
> above is a bit ambiguous.  But it seems worth a try, and I do not see it
> in your
> configuration.
>
> >
> > El dt., 7 jul. 2015 a les 12:25, André Warnier (<aw@ice-sa.com>) va
> > escriure:
> >
> >> Mark Thomas wrote:
> >>> On 07/07/2015 09:28, Alex Soto wrote:
> >>>> Hi Mark, SSL Session ID is not passed to Tomcat. You can see the logs
> >> here
> >>>> https://gist.github.com/lordofthejars/226d8ed605f2a58b52f3 (I have
> >> created
> >>>> a gist to not add here a lot of lines).
> >>>>
> >>>> Now the question is is it happens because of mod_jk or because of
> >> Apache?
> >>>> Alex.
> >>> OK. You've reached the limits of my conform zone. You need someone more
> >>> familiar with the httpd side of things at this point. Rainer?
> >>>
> >>> Mark
> >> Not Rainer, but maybe this helps :
> >> http://tomcat.apache.org/connectors-doc/reference/apache.html
> >> Look for "JkExtractSSL".
> >>
> >>
> >>>> El dl., 6 jul. 2015 a les 12:48, Mark Thomas (<markt@apache.org>)
va
> >>>> escriure:
> >>>>
> >>>>> On 06/07/2015 10:48, Alex Soto wrote:
> >>>>>> Hello I have seen a strange behaviour in Apache HTTPD (2.4)
 and
> TomEE
> >>>>> (in
> >>>>>> fact it is a Tomcat (7.0.61) so it is exactly the same for Tomcat)
> >> when I
> >>>>>> configure Apache server with SSL and mod_jk.
> >>>>>> In fact I am not sure where it is the problem if in mod_jk,
in
> Apache
> >>>>>> Server or in Tomcat, but I suspect that maybe the problem is
on
> mod_jk
> >>>>>> configuration.
> >>>>>>
> >>>>>> I am configuring the typical Apache as frontend and TomEE(Tomcat)
as
> >>>>>> backend solution. Currently Apache is configured with SSL and
with
> >> mod_jk
> >>>>>> it connects to TomEE using AJP. This works perfectly. The problem
is
> >> that
> >>>>>> inside my code I need to get the ssl session id:
> >>>>>>
> >>>>>> String ssl =
> >>>>>>
> >>
> (String)servletRequest.getAttribute("javax.servlet.request.ssl_session_id");
> >>>>>> I don't know why but sometimes this attribute is null and sometimes
> >> not.
> >>>>> It
> >>>>>> may return a null at first then stay like 10 requests working
and
> then
> >>>>> stop
> >>>>>> working again during some requests and the get attribute returns
> null.
> >>>>>>
> >>>>>> It seems that everything is configured correctly since sometimes
> >> works.
> >>>>>> Have you ever found something similar or knows what it can be
> >> happening?
> >>>>> Do
> >>>>>> you think that maybe the problem is on client (browser) side?
> >>>>>>
> >>>>>> Everything is dockerized here:
> >>>>>> https://github.com/lordofthejars/apache-tomee-ssl so you can
review
> >>>>>> configuration files of tomcat and apache or even run it.
> >>>>>>
> >>>>>> Thank you so much for your support.
> >>>>> Try turning on debug logging for mod_jk. It will generate lots of
> data
> >>>>> so just do it long enough to see the problem. When you look at the
> logs
> >>>>> you should be able to see if the SSL Session ID is being passed
to
> >>>>> Tomcat or not.
> >>>>>
> >>>>> Mark
> >>>>>
> >>>>>
> >>>>> ---------------------------------------------------------------------
> >>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>>>> For additional commands, e-mail: users-help@tomcat.apache.org
> >>>>>
> >>>>>
> >>>
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>> For additional commands, e-mail: users-help@tomcat.apache.org
> >>>
> >>>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >> For additional commands, e-mail: users-help@tomcat.apache.org
> >>
> >>
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message