Thanks for the clarification.

On Wed, 10 Feb 2021 at 22:52, Mark Thomas <ma...@apache.org> wrote:

> On 10/02/2021 17:11, George Thomas wrote:
> > Thanks, Mark for the reply. In our case, we may have to stick with AJP ..
> > However, I have not understood https way.
> > Are you suggesting to listen to https port in place of AJP port and use a
> > different connector implementation at HTTP Server?
>
> Yes.
>
> Mark
>
> > On Wed, 10 Feb 2021 at 18:53, Mark Thomas <ma...@apache.org> wrote:
> >
> >> On 10/02/2021 12:09, George Thomas wrote:
> >>> As per the below link
> >>>
> >>> https://github.com/spring-projects/spring-boot/issues/6164, the following
> >>> features are removed from tomcat 8.5
> >>>
> >>> a) Class org.apache.tomcat.util.net.ServerSocketFactory no longer exists
> >>>
> >>> b) Class org.apache.tomcat.util.net.jsse.JSSESocketFactory no longer exists
> >>>
> >>> c) Method JSSEImplementaton.getServerSockerFactory(AbstractEndpoint) no
> >>> longer exists
> >>>
> >>> d) Method JSSEImplementaton.getSSLUtil(AbstractEndpoint) no longer exists
> >>>
> >>> These make our upgrade from tomcat 8.0 to tomcat 8.5.x challenging.
> >>>
> >>> We have two requirements
> >>>
> >>>    1. Tomcat AJP protocol receives encrypted content coming from the HTTP
> >>>    server and gives an encrypted response. (In HTTP server we have the
> >>>    functionality to encrypt using OpenSSL). In tomcat versions, prior to 8.5
> >>>    it was possible to extend using custom classes that implement tomcat's
> >>>    ServerSocketFactory interface.
> >>>    2. Store certificates file for tomcat https in a custom keystore (an XML
> >>>    file)
> >>>
> >>> How these can be achieved in tomcat 8.5? Any suggestions are appreciated.
> >>
> >> The cleanest solution is likely to be switching from AJP to HTTPS.
> >>
> >> If you *really* want to continue down the AJP over TLS route then
> >> something like:
> >> - set SSLEnabled="true" on the AJP Connector
> >> - you'll need a custom AJP protocol implementation that extends
> >>   AjpNioProtocol and provides proper implementations of addSslHostConfig
> >>   and findSslHostConfigs
> >>
> >> should get you an AJP connector running over TLS.
> >>
> >> If the custom KeyStore has been implemented via the standard KeyStore
> >> SPI it should 'just work'. If it doesn't use the SPI then you'll need to
> >> create a custom SSLImplementation (probably extending
> >> JSSEImplementation) and then set the sslImplementationName attribute on
> >> the Connector.
> >>
> >> Mark
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
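
The AJP-over-TLS outline quoted above, sketched as an added example (not code from this thread or from the Tomcat project): a subclass of AjpNioProtocol that forwards SSLHostConfig to its endpoint and refuses to start without TLS. The package and class name, the server.xml fragment in the comment, and the init() guard are assumptions; class and method names follow Tomcat 8.5.

```java
// Added illustration; package and class names are hypothetical.
package com.example.tomcat;

import org.apache.coyote.ajp.AjpNioProtocol;
import org.apache.tomcat.util.net.SSLHostConfig;

/*
 * Assumed wiring in server.xml (port, path and password are placeholders):
 *
 * <Connector protocol="com.example.tomcat.TlsAjpNioProtocol"
 *            port="8009" SSLEnabled="true">
 *   <SSLHostConfig>
 *     <Certificate certificateKeystoreFile="conf/PLACEHOLDER.jks"
 *                  certificateKeystorePassword="PLACEHOLDER"/>
 *   </SSLHostConfig>
 * </Connector>
 */
public class TlsAjpNioProtocol extends AjpNioProtocol {

    // The inherited AJP implementation does not hand TLS host configuration
    // to the endpoint; delegate to it the way the HTTP/1.1 protocols do.
    @Override
    public void addSslHostConfig(SSLHostConfig sslHostConfig) {
        getEndpoint().addSslHostConfig(sslHostConfig);
    }

    @Override
    public SSLHostConfig[] findSslHostConfigs() {
        return getEndpoint().findSslHostConfigs();
    }

    // Added guard (assumption, not part of the advice in the thread):
    // fail closed so a missing SSLEnabled="true" cannot silently leave
    // this connector accepting cleartext AJP.
    @Override
    public void init() throws Exception {
        if (!getEndpoint().isSSLEnabled()) {
            throw new IllegalStateException(
                    "TlsAjpNioProtocol requires SSLEnabled=\"true\" on the Connector");
        }
        super.init();
    }
}
```

The web-server side must speak TLS to this port as well, and a KeyStore that is not implemented through the standard SPI still needs the custom SSLImplementation described in the quoted reply.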