On 23/03/18 15:00, Richard Tearle wrote: > On 22 March 2018 at 23:06, Mark Thomas <ma...@apache.org> wrote: >> On 22/03/18 15:27, Richard Tearle wrote: >>> On 22 March 2018 at 14:49, Mark Thomas <ma...@apache.org> wrote: >> >> <snip/> >> >> OK. Time to think about this. NIO + JSSE works whereas NIO + OpenSSL >> doesn't with the same configuration apart from the presence of the >> native library. >> >> That points to something OpenSSL specific. >> >> Disabling client verification fixes the problem. >> >> So it looks to be something to do with how OpenSSL handles client >> verification. It feels like configuration at this point rather than a >> bug but it needs some more thought. >> >> There will probably be some configuration combinations to experiment >> with but if they fail, something we can use to reproduce this is going >> to be the next step. >> >> Mark >> > > That's fine and many thanks for your help - I can get quite a good turn around > on testing various configuration changes. Anything that looks > promising, I'll run > for 8 hours, and we can usually get an inkling after an hour.
I've taken another look at the configuration options and disableSessionTickets="true" is the only one that stands out as a possibility. I think we have reached the point where we need a reproducible test case. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
