FYI If you are using NIO Connector you will want to supply these NIO Connector attributes
https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#Standard_Implementation If you are using SSL on NIO read SSL on NIO for that capability APR Native SSL would use these parameters Attribute Description SSLCACertificateFile See the mod_ssl documentation. SSLCACertificatePath See the mod_ssl documentation. SSLCARevocationFile See the mod_ssl documentation. SSLCARevocationPath See the mod_ssl documentation. SSLCertificateChainFile See the mod_ssl documentation. SSLCACertificateFile Name of the file that contains the concatenated certificates for the trusted certificate authorities. The format is PEM-encoded. SSLCACertificatePath Name of the directory that contains the certificates for the trusted certificate authorities. The format is PEM-encoded. SSLCARevocationFile Name of the file that contains the concatenated certificate revocation lists for the certificate authorities. The format is PEM-encoded. SSLCARevocationPath Name of the directory that contains the certificate revocation lists for the certificate authorities. The format is PEM-encoded. SSLCertificateChainFile Name of the file that contains concatenated certifcates for the certificate authorities which form the certifcate chain for the server certificate. The format is PEM-encoded. SSLCertificateFile Name of the file that contains the server certificate. The format is PEM-encoded. SSLCertificateKeyFile Name of the file that contains the server private key. The format is PEM-encoded. The default value is the value of "SSLCertificateFile" and in this case both certificate and private key have to be in this file (NOT RECOMMENDED). SSLCipherSuite Ciphers which may be used for communicating with clients. The default is "ALL", with other acceptable values being a list of ciphers, with ":" used as the delimiter (see OpenSSL documentation for the list of ciphers supported). SSLDisableCompression Disables compression if set to true and OpenSSL supports disabling compression. Default is false which inherits the default compression setting in OpenSSL. SSLHonorCipherOrder Set to true to enforce the server's cipher order (from the SSLCipherSuite setting) instead of allowing the client to choose the cipher (which is the default). SSLPassword Pass phrase for the encrypted private key. If "SSLPassword" is not provided, the callback function should prompt for the pass phrase. SSLProtocol Protocol which may be used for communicating with clients. The default value is all, which is equivalent to SSLv3+TLSv1 with other acceptable values being SSLv2, SSLv3, TLSv1 and any combination of the three protocols concatenated with a plus sign. Note that the protocol SSLv2 is inherently unsafe. SSLVerifyClient Ask client for certificate. The default is "none", meaning the client will not have the opportunity to submit a certificate. Other acceptable values include "optional", "require" and "optionalNoCA". SSLVerifyDepth Maximum verification depth for client certificates. The default is "10". Tweak these Connector timeout parameters to acomodate your requirement asyncTimeout connectionTimeout connectionUploadTimeout disableUploadTimeout executorTerminationTimeoutMillis keepAliveTimeout socket.soTimeout socket.unlockTimeout selectorTimeout sessionTimeout (yes..Mr Schultz is correct on the last statement) Martin- > Date: Wed, 5 Mar 2014 15:12:02 +0200 > Subject: Re: java: src/network.c:441: Java_org_apache_tomcat_jni_Socket_send: > Assertion failed > From: dmitry.batiyevs...@ardas.dp.ua > To: users@tomcat.apache.org > > Atmosphere upgrade didn't help > > Regards, > > Dmitry Batiyevskiy > > Ardas Group Inc. > > www.ardas.dp.ua > > > 2014-03-05 9:39 GMT+02:00 Dmitry Batiyevskiy <dmitry.batiyevs...@ardas.dp.ua > >: > > > We are ok with tomcat 7.0.42 and old tcnative now, and may be next > > tcnative update will work appropriately > > We will try updating atmosphere before trying NIO anyway > > > > Regards, > > > > Dmitry Batiyevskiy > > > > Ardas Group Inc. > > > > www.ardas.dp.ua > > > > > > 2014-03-04 23:18 GMT+02:00 Christopher Schultz < > > ch...@christopherschultz.net>: > > > > -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA256 > >> > >> Dmitry, > >> > >> On 3/4/14, 2:48 AM, Dmitry Batiyevskiy wrote: > >> > Howard, My connector config is the following (i've already posted > >> > that): > >> > > >> > <Connector port="8443" maxHttpHeaderSize="8192" maxThreads="15000" > >> > enableLookups="false" disableUploadTimeout="true" acceptCount="100" > >> > scheme="https" secure="true" SSLEnabled="true" compression="off" > >> > SSLCertificateFile="/opt/tomcat/mycompany.com.crt" > >> > SSLCertificateKeyFile="/opt/tomcat/mycompany.com.key" /> > >> > > >> > Also -Dhttps.protocols=TLSv1 option is passed to java machine > >> > > >> > The reason for me to use apr connector is https performance, isn't > >> > NIO much slower in that? > >> > >> I don't have any recent performance data, but using OpenSSL is > >> apparently measurably faster than using JSSE. > >> > >> On the other hand, is the NIO connector does not crash, isn't that a > >> point in its favor? > >> > >> - -chris > >> -----BEGIN PGP SIGNATURE----- > >> Version: GnuPG v1 > >> Comment: GPGTools - http://gpgtools.org > >> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > >> > >> iQIcBAEBCAAGBQJTFkMeAAoJEBzwKT+lPKRYA+0P+wXFWLQnxRqzxwLtXMMK19jP > >> FPsqAXQTLRvSM/FsaGONS3VuIeKciVsyPfEIE8V7GOihEyQfNGYQr4caY7oZD1W8 > >> clJXWsc26Ez+eSYp8AHP0FORvu9hHXKWmf68ooBXwkC01v8iJD5XfpXZvev0VKWb > >> HQQ/d/gP4f3wFSoQY2MYH+gsu6iayhueomHf/t2pckodztcVnmx61v3DjXjtgz3J > >> HFsFay8tDTC5o/+OmU8PSzAZ2tRy8Ytd43dLNKq0YimR4Nb1LYE2MSjDoi49BvSX > >> +Z9YYXIMWCPUST0GjrjhPGJ2/EKVt12zS8UJdfPvcSPyky/y2zJkwksJIB6gO8+2 > >> Ps8IzGEXC0lM0yBaj2h4M28rVqA84k/oV0vBSbgvRnJYduFmM4qQzWEFStmMZxlN > >> D0E5QVZyBM6ZQjXYN/PJU3u9l8RP8AJY5dwcOiCm3FBZcd0gmC0JbO8y4bXFB208 > >> +zF63dGXqRVvLlSCmh9iqVqoqwgWGOJriKXZgqRmwtC1ovgkcfS16nxtGygh5mTG > >> 4ark2XbFQUQeu5RhcrlYmb8yKRIVcbByrEAbh1vfvYfE+i01DO6StElmOnm3cJ9L > >> K/ExFsOmpIyA4Z6A8Eyuq1t9TudZhhonT+6o7Or0Ve3PP8qh84HJuE7GFcT0gNAC > >> z7iVVXDnPqrPjkYxEZe/ > >> =tY82 > >> -----END PGP SIGNATURE----- > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: users-h...@tomcat.apache.org > >> > >> > >
