NIO connector works without any issues, there is some problem in apr Regards,
Dmitry Batiyevskiy Ardas Group Inc. www.ardas.dp.ua 2014-03-05 16:13 GMT+02:00 Dmitry Batiyevskiy < dmitry.batiyevs...@ardas.dp.ua>: > Thanks > > Regards, > > Dmitry Batiyevskiy > > Ardas Group Inc. > > www.ardas.dp.ua > > > 2014-03-05 16:04 GMT+02:00 Martin Gainty <mgai...@hotmail.com>: > > FYI If you are using NIO Connector you will want to supply these NIO >> Connector attributes >> >> >> https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#Standard_Implementation >> >> >> >> If you are using SSL on NIO read SSL on NIO for that capability >> >> >> >> APR Native SSL would use these parameters >> >> >> >> >> >> >> Attribute >> Description >> >> SSLCACertificateFile >> >> See the mod_ssl documentation. >> >> >> SSLCACertificatePath >> >> See the mod_ssl documentation. >> >> >> SSLCARevocationFile >> >> See the mod_ssl documentation. >> >> >> SSLCARevocationPath >> >> See the mod_ssl documentation. >> >> >> SSLCertificateChainFile >> >> See the mod_ssl documentation. >> >> >> SSLCACertificateFile >> >> Name of the file that contains the concatenated certificates for the >> trusted certificate authorities. The format is PEM-encoded. >> >> >> SSLCACertificatePath >> >> Name of the directory that contains the certificates for the trusted >> certificate authorities. The format is PEM-encoded. >> >> >> SSLCARevocationFile >> >> Name of the file that contains the concatenated certificate revocation >> lists for the certificate authorities. The format is PEM-encoded. >> >> >> SSLCARevocationPath >> >> Name of the directory that contains the certificate revocation lists for >> the certificate authorities. The format is PEM-encoded. >> >> >> SSLCertificateChainFile >> >> Name of the file that contains concatenated certifcates for the >> certificate authorities which form the certifcate chain for the server >> certificate. The format is PEM-encoded. >> >> >> SSLCertificateFile >> >> Name of the file that contains the server certificate. The format is >> PEM-encoded. >> >> >> SSLCertificateKeyFile >> >> Name of the file that contains the server private key. The format is >> PEM-encoded. The default value is the value of "SSLCertificateFile" and in >> this case both certificate and private key have to be in this file (NOT >> RECOMMENDED). >> >> >> SSLCipherSuite >> >> Ciphers which may be used for communicating with clients. The default is >> "ALL", with other acceptable values being a list of ciphers, with ":" used >> as the delimiter (see OpenSSL documentation for the list of ciphers >> supported). >> >> >> SSLDisableCompression >> >> Disables compression if set to true and OpenSSL supports disabling >> compression. Default is false which inherits the default compression >> setting in OpenSSL. >> >> >> SSLHonorCipherOrder >> >> Set to true to enforce the server's cipher order (from the SSLCipherSuite >> setting) instead of allowing the client to choose the cipher (which is the >> default). >> >> >> SSLPassword >> >> Pass phrase for the encrypted private key. If "SSLPassword" is not >> provided, the callback function should prompt for the pass phrase. >> >> >> SSLProtocol >> >> Protocol which may be used for communicating with clients. The default >> value is all, which is equivalent to SSLv3+TLSv1 with other acceptable >> values being SSLv2, SSLv3, TLSv1 and any combination of the three protocols >> concatenated with a plus sign. Note that the protocol SSLv2 is inherently >> unsafe. >> >> >> SSLVerifyClient >> >> Ask client for certificate. The default is "none", meaning the client >> will not have the opportunity to submit a certificate. Other acceptable >> values include "optional", "require" and "optionalNoCA". >> >> >> SSLVerifyDepth >> >> Maximum verification depth for client certificates. The default is "10". >> >> >> >> Tweak these Connector timeout parameters to acomodate your requirement >> >> asyncTimeout >> >> connectionTimeout >> >> connectionUploadTimeout >> >> disableUploadTimeout >> >> executorTerminationTimeoutMillis >> >> keepAliveTimeout >> >> socket.soTimeout >> >> socket.unlockTimeout >> >> selectorTimeout >> sessionTimeout >> >> >> (yes..Mr Schultz is correct on the last statement) >> Martin- >> >> >> >> >> >> > Date: Wed, 5 Mar 2014 15:12:02 +0200 >> > Subject: Re: java: src/network.c:441: >> Java_org_apache_tomcat_jni_Socket_send: Assertion failed >> > From: dmitry.batiyevs...@ardas.dp.ua >> > To: users@tomcat.apache.org >> > >> > Atmosphere upgrade didn't help >> > >> > Regards, >> > >> > Dmitry Batiyevskiy >> > >> > Ardas Group Inc. >> > >> > www.ardas.dp.ua >> > >> > >> > 2014-03-05 9:39 GMT+02:00 Dmitry Batiyevskiy < >> dmitry.batiyevs...@ardas.dp.ua >> > >: >> > >> > > We are ok with tomcat 7.0.42 and old tcnative now, and may be next >> > > tcnative update will work appropriately >> > > We will try updating atmosphere before trying NIO anyway >> > > >> > > Regards, >> > > >> > > Dmitry Batiyevskiy >> > > >> > > Ardas Group Inc. >> > > >> > > www.ardas.dp.ua >> > > >> > > >> > > 2014-03-04 23:18 GMT+02:00 Christopher Schultz < >> > > ch...@christopherschultz.net>: >> > > >> > > -----BEGIN PGP SIGNED MESSAGE----- >> > >> Hash: SHA256 >> > >> >> > >> Dmitry, >> > >> >> > >> On 3/4/14, 2:48 AM, Dmitry Batiyevskiy wrote: >> > >> > Howard, My connector config is the following (i've already posted >> > >> > that): >> > >> > >> > >> > <Connector port="8443" maxHttpHeaderSize="8192" maxThreads="15000" >> > >> > enableLookups="false" disableUploadTimeout="true" acceptCount="100" >> > >> > scheme="https" secure="true" SSLEnabled="true" compression="off" >> > >> > SSLCertificateFile="/opt/tomcat/mycompany.com.crt" >> > >> > SSLCertificateKeyFile="/opt/tomcat/mycompany.com.key" /> >> > >> > >> > >> > Also -Dhttps.protocols=TLSv1 option is passed to java machine >> > >> > >> > >> > The reason for me to use apr connector is https performance, isn't >> > >> > NIO much slower in that? >> > >> >> > >> I don't have any recent performance data, but using OpenSSL is >> > >> apparently measurably faster than using JSSE. >> > >> >> > >> On the other hand, is the NIO connector does not crash, isn't that a >> > >> point in its favor? >> > >> >> > >> - -chris >> > >> -----BEGIN PGP SIGNATURE----- >> > >> Version: GnuPG v1 >> > >> Comment: GPGTools - http://gpgtools.org >> > >> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ >> > >> >> > >> iQIcBAEBCAAGBQJTFkMeAAoJEBzwKT+lPKRYA+0P+wXFWLQnxRqzxwLtXMMK19jP >> > >> FPsqAXQTLRvSM/FsaGONS3VuIeKciVsyPfEIE8V7GOihEyQfNGYQr4caY7oZD1W8 >> > >> clJXWsc26Ez+eSYp8AHP0FORvu9hHXKWmf68ooBXwkC01v8iJD5XfpXZvev0VKWb >> > >> HQQ/d/gP4f3wFSoQY2MYH+gsu6iayhueomHf/t2pckodztcVnmx61v3DjXjtgz3J >> > >> HFsFay8tDTC5o/+OmU8PSzAZ2tRy8Ytd43dLNKq0YimR4Nb1LYE2MSjDoi49BvSX >> > >> +Z9YYXIMWCPUST0GjrjhPGJ2/EKVt12zS8UJdfPvcSPyky/y2zJkwksJIB6gO8+2 >> > >> Ps8IzGEXC0lM0yBaj2h4M28rVqA84k/oV0vBSbgvRnJYduFmM4qQzWEFStmMZxlN >> > >> D0E5QVZyBM6ZQjXYN/PJU3u9l8RP8AJY5dwcOiCm3FBZcd0gmC0JbO8y4bXFB208 >> > >> +zF63dGXqRVvLlSCmh9iqVqoqwgWGOJriKXZgqRmwtC1ovgkcfS16nxtGygh5mTG >> > >> 4ark2XbFQUQeu5RhcrlYmb8yKRIVcbByrEAbh1vfvYfE+i01DO6StElmOnm3cJ9L >> > >> K/ExFsOmpIyA4Z6A8Eyuq1t9TudZhhonT+6o7Or0Ve3PP8qh84HJuE7GFcT0gNAC >> > >> z7iVVXDnPqrPjkYxEZe/ >> > >> =tY82 >> > >> -----END PGP SIGNATURE----- >> > >> >> > >> --------------------------------------------------------------------- >> > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> > >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > >> >> > >> >> > > >> >> > >
