Thanks, Mark, for the reply. In our case, we may have to stick with AJP.
However, I have not understood the HTTPS way.
Are you suggesting listening on an HTTPS port in place of the AJP port and
using a different connector implementation at the HTTP Server?

On Wed, 10 Feb 2021 at 18:53, Mark Thomas <ma...@apache.org> wrote:

> On 10/02/2021 12:09, George Thomas wrote:
> > As per the below link
> >
> > https://github.com/spring-projects/spring-boot/issues/6164, the following
> > features are removed from tomcat 8.5
> >
> > a) Class org.apache.tomcat.util.net.ServerSocketFactory no longer exists
> >
> > b) Class org.apache.tomcat.util.net.jsse.JSSESocketFactory no longer exists
> >
> > c) Method JSSEImplementation.getServerSocketFactory(AbstractEndpoint) no
> > longer exists
> >
> > d) Method JSSEImplementation.getSSLUtil(AbstractEndpoint) no longer exists
> >
> > These make our upgrade from tomcat 8.0 to tomcat 8.5.x  challenging.
> >
> > We have two requirements
> >
> >    1. Tomcat AJP protocol receives encrypted content coming from the HTTP
> >    server and gives an encrypted response. (In HTTP server we have the
> >    functionality to encrypt using OpenSSL). In Tomcat versions prior to 8.5
> >    it was possible to extend using custom classes that implement tomcat's
> >    ServerSocketFactory interface.
> >    2. Store certificates file for tomcat https in a custom keystore (an XML
> >    file)
> >
> > How can these be achieved in tomcat 8.5? Any suggestions are appreciated.
>
> The cleanest solution is likely to be switching from AJP to HTTPS.
>
> If you *really* want to continue down the AJP over TLS route then
> something like:
> - set SSLEnabled="true" on the AJP Connector
> - you'll need a custom AJP protocol implementation that extends
>   AjpNioProtocol and provides proper implementations of addSslHostConfig
>   and findSslHostConfigs
>
> should get you an AJP connector running over TLS.
>
> If the custom KeyStore has been implemented via the standard KeyStore
> SPI it should 'just work'. If it doesn't use the SPI then you'll need to
> create a custom SSLImplementation (probably extending
> JSSEImplementation) and then set the sslImplementationName attribute on
> the Connector.
>
> Mark
>
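
The two routes discussed in this thread, sketched as server.xml Connector
definitions. This is an added example, not configuration posted by either
participant. The com.example class names, the "XMLSTORE" keystore type, the
"ExampleProvider" provider name, the ports, file path and password are all
assumed placeholders.

```xml
<!-- Added example; every com.example class, port, path and password is a placeholder. -->

<!-- Route 1: HTTPS connector. The front-end HTTP server proxies to this port
     over HTTPS instead of AJP, so no custom protocol class is needed. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true">
  <SSLHostConfig protocols="TLSv1.2">
    <!-- A custom keystore implemented through the standard KeyStore SPI is
         selected by type and provider. "XMLSTORE" and "ExampleProvider" are
         hypothetical names; the provider must be registered with the JVM. -->
    <Certificate certificateKeystoreFile="conf/certs.xml"
                 certificateKeystoreType="XMLSTORE"
                 certificateKeystoreProvider="ExampleProvider"
                 certificateKeystorePassword="changeit" />
  </SSLHostConfig>
</Connector>

<!-- Route 2: AJP over TLS. Requires a custom protocol class (hypothetical
     com.example.TlsAjpNioProtocol) that extends AjpNioProtocol and implements
     addSslHostConfig and findSslHostConfigs, as described in the reply. -->
<Connector port="8009"
           protocol="com.example.TlsAjpNioProtocol"
           SSLEnabled="true"
           sslImplementationName="com.example.XmlKeystoreSSLImplementation">
  <!-- sslImplementationName is only needed when the keystore does not use
       the KeyStore SPI; the named class (hypothetical) would typically
       extend JSSEImplementation. -->
  <SSLHostConfig protocols="TLSv1.2">
    <Certificate certificateKeystoreFile="conf/certs.xml"
                 certificateKeystorePassword="changeit" />
  </SSLHostConfig>
</Connector>
```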
