On 21/09/2015 08:37, Igor Cicimov wrote:
> Hi all,
>
> After enabling the APR/Native connector I can see the following warning
> messages upon tomcat restart:
>
> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
> 'SSLDisableCompression' to 'true' did not find a matching property.
> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
> 'SSLHonorCipherOrder' to 'true' did not find a matching property.
>
> although I can see those options available in the documentation:
> https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native
You are looking at the docs for 7.0.64 but running 7.0.26.
You need to use a more recent Tomcat 7.0.x release if you want to use
those features.
Mark
>
> The relevant config in server.xml:
>
> <Listener className="org.apache.catalina.core.AprLifecycleListener"
> SSLEngine="on" />
>
> <Connector port="443"
> scheme="https" secure="true" SSLEnabled="true"
> SSLDisableCompression="true"
> SSLProtocol="all"
> SSLHonorCipherOrder="true"
> SSLCipherSuite="EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM
> EECDH+ECDSA+SHA384
> EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256
> EECDH+aRSA+RC4
> EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP
> !DSS !RC4"
> SSLCertificateChainFile="${catalina.base}/conf/cachain.pem"
> SSLCertificateFile="${catalina.base}/conf/star.pem"
> SSLCertificateKeyFile="${catalina.base}/conf/star_key.pem" />
>
> Am I missing something or am I maybe hitting some limitation related to
> tomcat/apr/tcnative version?
>
>
> OS: Ubuntu 12.04.5 LTS
> Tomcat: 7.0.26 (Ubuntu repository)
> openssl: 1.0.1-4ubuntu5.31
> libtcnative-1: 1.1.22-1build1
>
> Thanks,
> Igor
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
