On 10/02/2021 12:09, George Thomas wrote:
> As per the below link
>
> https://github.com/spring-projects/spring-boot/issues/6164, the following
> features are removed from tomcat 8.5
>
> a) Class org.apache.tomcat.util.net.ServerSocketFactory no longer exists
>
> b) Class org.apache.tomcat.util.net.jsse.JSSESocketFactory no longer exists
>
> c) Method JSSEImplementation.getServerSocketFactory(AbstractEndpoint) no
> longer exists
>
> d) Method JSSEImplementation.getSSLUtil(AbstractEndpoint) no longer exists
>
> These make our upgrade from tomcat 8.0 to tomcat 8.5.x challenging.
>
> We have two requirements
>
> 1. Tomcat AJP protocol receives encrypted content coming from the HTTP
> server and gives an encrypted response. (In HTTP server we have the
> functionality to encrypt using OpenSSL). In tomcat versions prior to 8.5,
> it was possible to extend using custom classes that implement tomcat's
> ServerSocketFactory interface.
> 2. Store certificates file for tomcat https in a custom keystore (an XML
> file)
>
> How can these be achieved in tomcat 8.5? Any suggestions are appreciated.

The cleanest solution is likely to be switching from AJP to HTTPS.

If you *really* want to continue down the AJP over TLS route then
something like:

- set SSLEnabled="true" on the AJP Connector
- you'll need a custom AJP protocol implementation that extends
  AjpNioProtocol and provides proper implementations of
  addSslHostConfig and findSslHostConfigs

should get you an AJP connector running over TLS.

If the custom KeyStore has been implemented via the standard KeyStore
SPI it should 'just work'. If it doesn't use the SPI then you'll need to
create a custom SSLImplementation (probably extending
JSSEImplementation) and then set the sslImplementationName attribute on
the Connector.

Mark
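
A sketch of the custom AJP protocol class the reply above describes, added here as an illustration; it is not code from the message or from the Tomcat project. The package and class name `com.example.TlsAjpNioProtocol`, the delegation to the endpoint, and the keystore values in the trailing comment are assumptions.

```java
// Added sketch, not code from the thread or from Tomcat itself.
// Package and class name are hypothetical.
package com.example;

import org.apache.coyote.ajp.AjpNioProtocol;
import org.apache.tomcat.util.net.SSLHostConfig;

/**
 * AJP/NIO protocol handler that accepts TLS host configuration.
 *
 * The reply asks for "proper implementations" of addSslHostConfig and
 * findSslHostConfigs. This sketch assumes that means handing the
 * configuration to the underlying endpoint, which is where Tomcat 8.5
 * keeps the SSLHostConfig objects used to build the TLS context.
 */
public class TlsAjpNioProtocol extends AjpNioProtocol {

    /** Register an SSLHostConfig parsed from the Connector element. */
    @Override
    public void addSslHostConfig(SSLHostConfig sslHostConfig) {
        getEndpoint().addSslHostConfig(sslHostConfig);
    }

    /** Report the TLS host configurations the endpoint currently holds. */
    @Override
    public SSLHostConfig[] findSslHostConfigs() {
        return getEndpoint().findSslHostConfigs();
    }
}

/*
 * Matching Connector in server.xml (constructed example; the port,
 * keystore path and password are placeholders):
 *
 * <Connector protocol="com.example.TlsAjpNioProtocol"
 *            port="8009"
 *            SSLEnabled="true">
 *   <SSLHostConfig>
 *     <Certificate certificateKeystoreFile="conf/PLACEHOLDER-keystore.jks"
 *                  certificateKeystorePassword="PLACEHOLDER" />
 *   </SSLHostConfig>
 * </Connector>
 *
 * If the keystore is not exposed through the KeyStore SPI, the reply's
 * second suggestion applies: add sslImplementationName="..." to the
 * Connector, naming the custom SSLImplementation class.
 */
```

The web server side must then speak TLS to this port before sending AJP; verify the handshake and certificate on that link before relying on it.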