On 07/07/2015 09:28, Alex Soto wrote:
> Hi Mark, SSL Session ID is not passed to Tomcat. You can see the logs here
> https://gist.github.com/lordofthejars/226d8ed605f2a58b52f3 (I have created
> a gist to not add here a lot of lines).
>
> Now the question is is it happens because of mod_jk or because of Apache?
> Alex.
OK. You've reached the limits of my conform zone. You need someone more
familiar with the httpd side of things at this point. Rainer?
Mark
>
> El dl., 6 jul. 2015 a les 12:48, Mark Thomas (<ma...@apache.org>) va
> escriure:
>
>> On 06/07/2015 10:48, Alex Soto wrote:
>>> Hello I have seen a strange behaviour in Apache HTTPD (2.4) and TomEE
>> (in
>>> fact it is a Tomcat (7.0.61) so it is exactly the same for Tomcat) when I
>>> configure Apache server with SSL and mod_jk.
>>> In fact I am not sure where it is the problem if in mod_jk, in Apache
>>> Server or in Tomcat, but I suspect that maybe the problem is on mod_jk
>>> configuration.
>>>
>>> I am configuring the typical Apache as frontend and TomEE(Tomcat) as
>>> backend solution. Currently Apache is configured with SSL and with mod_jk
>>> it connects to TomEE using AJP. This works perfectly. The problem is that
>>> inside my code I need to get the ssl session id:
>>>
>>> String ssl =
>>>
>> (String)servletRequest.getAttribute("javax.servlet.request.ssl_session_id");
>>>
>>> I don't know why but sometimes this attribute is null and sometimes not.
>> It
>>> may return a null at first then stay like 10 requests working and then
>> stop
>>> working again during some requests and the get attribute returns null.
>>>
>>> It seems that everything is configured correctly since sometimes works.
>>> Have you ever found something similar or knows what it can be happening?
>> Do
>>> you think that maybe the problem is on client (browser) side?
>>>
>>> Everything is dockerized here:
>>> https://github.com/lordofthejars/apache-tomee-ssl so you can review
>>> configuration files of tomcat and apache or even run it.
>>>
>>> Thank you so much for your support.
>>
>> Try turning on debug logging for mod_jk. It will generate lots of data
>> so just do it long enough to see the problem. When you look at the logs
>> you should be able to see if the SSL Session ID is being passed to
>> Tomcat or not.
>>
>> Mark
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
