Re: Tomcat 7 and APR connector parameters

Mon, 21 Sep 2015 01:01:36 -0700 

Hi Igro,

I think you need to add the protocol attribute in the connector
configuration so that it will load the connector with APR

protocol="org.apache.coyote.http11.Http11AprProtocol"

If the PATH (Windows) or LD_LIBRARY_PATH (on most unix systems)
environment variables contain the Tomcat native library, the
APR/native connector will be used. If the native library cannot be
found, the blocking Java based connector will be used. Note that the
APR/native connector has different settings for HTTPS than the Java
connectors.

you can verify the protocol attribute document here [1]

https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support

Regards,

Sanaullah



On Mon, Sep 21, 2015 at 12:37 PM, Igor Cicimov <icici...@gmail.com> wrote:

> Hi all,
>
> After enabling the APR/Native connector I can see the following warning
> messages upon tomcat restart:
>
> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
> 'SSLDisableCompression' to 'true' did not find a matching property.
> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
> 'SSLHonorCipherOrder' to 'true' did not find a matching property.
>
> although I can see those options available in the documentation:
>
> https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native
>
> The relevant config in server.xml:
>
>   <Listener className="org.apache.catalina.core.AprLifecycleListener"
> SSLEngine="on" />
>
>     <Connector port="443"
>            scheme="https" secure="true" SSLEnabled="true"
>            SSLDisableCompression="true"
>            SSLProtocol="all"
>            SSLHonorCipherOrder="true"
>            SSLCipherSuite="EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM
> EECDH+ECDSA+SHA384
>            EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256
> EECDH+aRSA+RC4
>            EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP
> !DSS !RC4"
>            SSLCertificateChainFile="${catalina.base}/conf/cachain.pem"
>            SSLCertificateFile="${catalina.base}/conf/star.pem"
>            SSLCertificateKeyFile="${catalina.base}/conf/star_key.pem" />
>
> Am I missing something or am I maybe hitting some limitation related to
> tomcat/apr/tcnative version?
>
>
> OS: Ubuntu 12.04.5 LTS
> Tomcat: 7.0.26 (Ubuntu repository)
> openssl: 1.0.1-4ubuntu5.31
> libtcnative-1: 1.1.22-1build1
>
> Thanks,
> Igor
>

Reply via email to