On 22/03/18 07:46, Richard Tearle wrote:
> On 21 March 2018 at 14:54, Mark Thomas <ma...@apache.org> wrote:

<snip/>

>> Please can you test your set-up with 8.5.x, the modified trust store and
>> the same configuration as 8.0.x (NIO, JSSE). That should help us track
>> down where the problem may lie.
>>
>> Thanks,
>>
>> Mark
>>
>
> I created the PKCS12 as you showed above used my 8.0.x configuration and
> ran my test application for 8 hours without a single connection closed error.

Excellent.

There have been a few moving parts here so I'd like to get some
clarification on exactly where we are. I know from bitter personal
experience that it is all too easy to end up using a slightly different
TLS configuration to the one you think you are using so please could you
confirm the following.

The connector name can be obtained from the logs. You'll see lines that
look like this:

22-Mar-2018 14:39:30.156 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
22-Mar-2018 14:39:30.161 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-jsse-nio-8443"]
22-Mar-2018 14:39:30.163 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"]

The part I am using below is the bit in the square brackets. The format is
<protocol>-<tls-implementation-if-any>-<connector>-<port>.

What we have so far is:

8.0.x, http-nio-nnnn (this is always JSSE in 8.0.x), clientAuth="true"
This works.

8.5.x, http-nio-openssl-nnnn, certificateVerification="required"
This fails intermittently

8.5.x, http-nio-jsse-nnnn, certificateVerification="required"
This works

Is this correct?

Thanks,

Mark
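
The connector-name check described in the message above, as an added example that is not part of the original post or of Tomcat: it pulls the ProtocolHandler names out of a startup log, splits them using the <protocol>-<tls-implementation-if-any>-<connector>-<port> layout shown in the quoted log lines, and reports any port whose TLS implementation differs from the one you expected. The fourth sample log line, the function names and the port-to-implementation mapping are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# The first three lines are the ones quoted in the message; the fourth is constructed.
SAMPLE_LOG = """\
22-Mar-2018 14:39:30.156 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
22-Mar-2018 14:39:30.161 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-jsse-nio-8443"]
22-Mar-2018 14:39:30.163 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"]
22-Mar-2018 14:39:30.170 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-openssl-nio-9443"]
"""

class Connector(NamedTuple):
    name: str
    protocol: str
    tls: Optional[str]  # None when the name carries no TLS token
    io: str
    port: int

HANDLER_RE = re.compile(r'Starting ProtocolHandler \["([^"]+)"\]')
# <protocol>-<tls-implementation-if-any>-<connector>-<port>
NAME_RE = re.compile(r"^(?P<protocol>[a-z]+)-(?:(?P<tls>[a-z]+)-)?(?P<io>[a-z]+\d?)-(?P<port>\d+)$")

def parse_connectors(log_text):
    """Return (parsed connectors, names that do not fit the layout)."""
    found, unparsed = [], []
    for name in HANDLER_RE.findall(log_text):
        m = NAME_RE.match(name)
        if m is None:
            unparsed.append(name)  # keep it visible rather than guessing
            continue
        found.append(Connector(name, m["protocol"], m["tls"], m["io"], int(m["port"])))
    return found, unparsed

def tls_mismatches(log_text, expected):
    """expected maps port -> TLS implementation token you believe is in use."""
    by_port = {c.port: c for c in parse_connectors(log_text)[0]}
    problems = []
    for port, want in expected.items():
        c = by_port.get(port)
        if c is None:
            problems.append(f"port {port}: no connector started")
        elif c.tls != want:
            problems.append(f"port {port}: {c.name} uses {c.tls or 'no TLS token'}, expected {want}")
    return problems

if __name__ == "__main__":
    print(parse_connectors(SAMPLE_LOG))
    print(tls_mismatches(SAMPLE_LOG, {8443: "openssl"}))
```

A name with no TLS token is reported as such rather than mapped to an implementation, since the message notes that an 8.0.x NIO connector is always JSSE even though its name does not say so.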