Thanks Regards,
Dmitry Batiyevskiy Ardas Group Inc. www.ardas.dp.ua 2014-03-05 16:04 GMT+02:00 Martin Gainty <mgai...@hotmail.com>: > FYI If you are using NIO Connector you will want to supply these NIO > Connector attributes > > > https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#Standard_Implementation > > > > If you are using SSL on NIO read SSL on NIO for that capability > > > > APR Native SSL would use these parameters > > > > > > > Attribute > Description > > SSLCACertificateFile > > See the mod_ssl documentation. > > > SSLCACertificatePath > > See the mod_ssl documentation. > > > SSLCARevocationFile > > See the mod_ssl documentation. > > > SSLCARevocationPath > > See the mod_ssl documentation. > > > SSLCertificateChainFile > > See the mod_ssl documentation. > > > SSLCACertificateFile > > Name of the file that contains the concatenated certificates for the > trusted certificate authorities. The format is PEM-encoded. > > > SSLCACertificatePath > > Name of the directory that contains the certificates for the trusted > certificate authorities. The format is PEM-encoded. > > > SSLCARevocationFile > > Name of the file that contains the concatenated certificate revocation > lists for the certificate authorities. The format is PEM-encoded. > > > SSLCARevocationPath > > Name of the directory that contains the certificate revocation lists for > the certificate authorities. The format is PEM-encoded. > > > SSLCertificateChainFile > > Name of the file that contains concatenated certifcates for the > certificate authorities which form the certifcate chain for the server > certificate. The format is PEM-encoded. > > > SSLCertificateFile > > Name of the file that contains the server certificate. The format is > PEM-encoded. > > > SSLCertificateKeyFile > > Name of the file that contains the server private key. The format is > PEM-encoded. The default value is the value of "SSLCertificateFile" and in > this case both certificate and private key have to be in this file (NOT > RECOMMENDED). > > > SSLCipherSuite > > Ciphers which may be used for communicating with clients. The default is > "ALL", with other acceptable values being a list of ciphers, with ":" used > as the delimiter (see OpenSSL documentation for the list of ciphers > supported). > > > SSLDisableCompression > > Disables compression if set to true and OpenSSL supports disabling > compression. Default is false which inherits the default compression > setting in OpenSSL. > > > SSLHonorCipherOrder > > Set to true to enforce the server's cipher order (from the SSLCipherSuite > setting) instead of allowing the client to choose the cipher (which is the > default). > > > SSLPassword > > Pass phrase for the encrypted private key. If "SSLPassword" is not > provided, the callback function should prompt for the pass phrase. > > > SSLProtocol > > Protocol which may be used for communicating with clients. The default > value is all, which is equivalent to SSLv3+TLSv1 with other acceptable > values being SSLv2, SSLv3, TLSv1 and any combination of the three protocols > concatenated with a plus sign. Note that the protocol SSLv2 is inherently > unsafe. > > > SSLVerifyClient > > Ask client for certificate. The default is "none", meaning the client will > not have the opportunity to submit a certificate. Other acceptable values > include "optional", "require" and "optionalNoCA". > > > SSLVerifyDepth > > Maximum verification depth for client certificates. The default is "10". > > > > Tweak these Connector timeout parameters to acomodate your requirement > > asyncTimeout > > connectionTimeout > > connectionUploadTimeout > > disableUploadTimeout > > executorTerminationTimeoutMillis > > keepAliveTimeout > > socket.soTimeout > > socket.unlockTimeout > > selectorTimeout > sessionTimeout > > > (yes..Mr Schultz is correct on the last statement) > Martin- > > > > > > > Date: Wed, 5 Mar 2014 15:12:02 +0200 > > Subject: Re: java: src/network.c:441: > Java_org_apache_tomcat_jni_Socket_send: Assertion failed > > From: dmitry.batiyevs...@ardas.dp.ua > > To: users@tomcat.apache.org > > > > Atmosphere upgrade didn't help > > > > Regards, > > > > Dmitry Batiyevskiy > > > > Ardas Group Inc. > > > > www.ardas.dp.ua > > > > > > 2014-03-05 9:39 GMT+02:00 Dmitry Batiyevskiy < > dmitry.batiyevs...@ardas.dp.ua > > >: > > > > > We are ok with tomcat 7.0.42 and old tcnative now, and may be next > > > tcnative update will work appropriately > > > We will try updating atmosphere before trying NIO anyway > > > > > > Regards, > > > > > > Dmitry Batiyevskiy > > > > > > Ardas Group Inc. > > > > > > www.ardas.dp.ua > > > > > > > > > 2014-03-04 23:18 GMT+02:00 Christopher Schultz < > > > ch...@christopherschultz.net>: > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > >> Hash: SHA256 > > >> > > >> Dmitry, > > >> > > >> On 3/4/14, 2:48 AM, Dmitry Batiyevskiy wrote: > > >> > Howard, My connector config is the following (i've already posted > > >> > that): > > >> > > > >> > <Connector port="8443" maxHttpHeaderSize="8192" maxThreads="15000" > > >> > enableLookups="false" disableUploadTimeout="true" acceptCount="100" > > >> > scheme="https" secure="true" SSLEnabled="true" compression="off" > > >> > SSLCertificateFile="/opt/tomcat/mycompany.com.crt" > > >> > SSLCertificateKeyFile="/opt/tomcat/mycompany.com.key" /> > > >> > > > >> > Also -Dhttps.protocols=TLSv1 option is passed to java machine > > >> > > > >> > The reason for me to use apr connector is https performance, isn't > > >> > NIO much slower in that? > > >> > > >> I don't have any recent performance data, but using OpenSSL is > > >> apparently measurably faster than using JSSE. > > >> > > >> On the other hand, is the NIO connector does not crash, isn't that a > > >> point in its favor? > > >> > > >> - -chris > > >> -----BEGIN PGP SIGNATURE----- > > >> Version: GnuPG v1 > > >> Comment: GPGTools - http://gpgtools.org > > >> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > >> > > >> iQIcBAEBCAAGBQJTFkMeAAoJEBzwKT+lPKRYA+0P+wXFWLQnxRqzxwLtXMMK19jP > > >> FPsqAXQTLRvSM/FsaGONS3VuIeKciVsyPfEIE8V7GOihEyQfNGYQr4caY7oZD1W8 > > >> clJXWsc26Ez+eSYp8AHP0FORvu9hHXKWmf68ooBXwkC01v8iJD5XfpXZvev0VKWb > > >> HQQ/d/gP4f3wFSoQY2MYH+gsu6iayhueomHf/t2pckodztcVnmx61v3DjXjtgz3J > > >> HFsFay8tDTC5o/+OmU8PSzAZ2tRy8Ytd43dLNKq0YimR4Nb1LYE2MSjDoi49BvSX > > >> +Z9YYXIMWCPUST0GjrjhPGJ2/EKVt12zS8UJdfPvcSPyky/y2zJkwksJIB6gO8+2 > > >> Ps8IzGEXC0lM0yBaj2h4M28rVqA84k/oV0vBSbgvRnJYduFmM4qQzWEFStmMZxlN > > >> D0E5QVZyBM6ZQjXYN/PJU3u9l8RP8AJY5dwcOiCm3FBZcd0gmC0JbO8y4bXFB208 > > >> +zF63dGXqRVvLlSCmh9iqVqoqwgWGOJriKXZgqRmwtC1ovgkcfS16nxtGygh5mTG > > >> 4ark2XbFQUQeu5RhcrlYmb8yKRIVcbByrEAbh1vfvYfE+i01DO6StElmOnm3cJ9L > > >> K/ExFsOmpIyA4Z6A8Eyuq1t9TudZhhonT+6o7Or0Ve3PP8qh84HJuE7GFcT0gNAC > > >> z7iVVXDnPqrPjkYxEZe/ > > >> =tY82 > > >> -----END PGP SIGNATURE----- > > >> > > >> --------------------------------------------------------------------- > > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > >> For additional commands, e-mail: users-h...@tomcat.apache.org > > >> > > >> > > > > >
