Hello Richard,

On Sat, 22/06/2019 at 21.19 +0000, Richard Huntrods wrote:
> Apologies if this is really basic, but I've seen two ways of handling
> https (SSL) for tomcat and don't understand the differences.
[...]
> <Connector port="443"
>     protocol="org.apache.coyote.http11.Http11NioProtocol"
>     maxThreads="150" SSLEnabled="true">
>   <SSLHostConfig>
>     <Certificate
>       certificateFile="/etc/letsencrypt/live/mydomain.com/cert.pem"
>       certificateKeyFile="/etc/letsencrypt/live/mydomain.com/privkey.pem"
>       certificateChainFile="/etc/letsencrypt/live/mydomain.com/chain.pem"
>     />
>   </SSLHostConfig>
> </Connector>
>
> vs.
>
> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>     maxThreads="150" enableLookups="false" scheme="https"
>     secure="true"
>     keystoreFile="./keys/.keystore" keystorePass="mypass"
>     clientAuth="false" sslProtocol="TLS" />
If I understand correctly, prior to 8.5 there were two different syntaxes: one for SSL implemented by JSSE and one for OpenSSL. The new syntax allows you to specify all parameters in one way that both implementations recognize.

Moreover, you may have configurations that were previously not possible, i.e., you may now have many certificates (one RSA, one EC, one DSS) on the same connector: the right certificate will be picked up dynamically based on the SSL cipher used.

Bye,
Giuseppe
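As an added example (not part of the original thread and not taken from Tomcat's own documentation), the following server.xml fragment puts both of the configurations quoted above into the 8.5+ SSLHostConfig syntax that the reply describes. It shows the multi-certificate case from the reply (one RSA and one EC certificate on the same connector, told apart by the `type` attribute) and, on a second SNI host, the Java keystore form that replaces the old keystoreFile/keystorePass attributes. Hostnames, file paths, the key alias and the `keystore.password` system property are placeholders chosen for this example.

```xml
<!-- Added example: Tomcat 8.5+/9 SSLHostConfig syntax. Hostnames, paths,
     alias and password property are placeholders, not values from the thread. -->
<Connector port="443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150"
           SSLEnabled="true"
           scheme="https"
           secure="true"
           enableLookups="false">

  <!-- Default virtual host: two certificates on one connector. `type` is
       required as soon as more than one Certificate is nested; the server
       serves the RSA or EC certificate that matches the negotiated cipher
       suite. certificateVerification="none" is the new spelling of the old
       clientAuth="false"; protocols replaces sslProtocol="TLS" and pins the
       versions explicitly instead of relying on the implementation default. -->
  <SSLHostConfig hostName="_default_"
                 protocols="TLSv1.2,TLSv1.3"
                 certificateVerification="none"
                 honorCipherOrder="true">
    <Certificate type="RSA"
                 certificateFile="/etc/letsencrypt/live/example.org/cert.pem"
                 certificateKeyFile="/etc/letsencrypt/live/example.org/privkey.pem"
                 certificateChainFile="/etc/letsencrypt/live/example.org/chain.pem" />
    <Certificate type="EC"
                 certificateFile="/etc/letsencrypt/live/example.org-ecdsa/cert.pem"
                 certificateKeyFile="/etc/letsencrypt/live/example.org-ecdsa/privkey.pem"
                 certificateChainFile="/etc/letsencrypt/live/example.org-ecdsa/chain.pem" />
  </SSLHostConfig>

  <!-- Second host, selected by SNI: same syntax, but the certificate comes from
       a Java keystore. This is how the pre-8.5 keystoreFile/keystorePass
       connector attributes are expressed now. The password is read from a
       system property (set with -Dkeystore.password=... at startup) so that no
       literal secret sits in server.xml. -->
  <SSLHostConfig hostName="legacy.example.org"
                 protocols="TLSv1.2,TLSv1.3"
                 certificateVerification="none">
    <Certificate certificateKeystoreFile="${catalina.base}/conf/keys/.keystore"
                 certificateKeystorePassword="${keystore.password}"
                 certificateKeyAlias="tomcat" />
  </SSLHostConfig>
</Connector>
```

To confirm that the dynamic selection described in the reply is really happening, connect twice with `openssl s_client -connect example.org:443 -servername example.org -tls1_2`, once with `-cipher ECDHE-ECDSA-AES128-GCM-SHA256` and once with `-cipher ECDHE-RSA-AES128-GCM-SHA256`: the leaf certificate printed in the two sessions should differ (EC in the first, RSA in the second). If the EC handshake fails instead, check that the EC Certificate's files are readable by the Tomcat user and that its `type` attribute is set.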