Thanks Thomas,
Now that we don't see the error but seeing one warning message for below:
WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
[Server/Service/Connector] failed to set property [clientAuth] to [false]
I don't find any equivalent attribute for clientAuth in the documentation.
PFB snippet of our server.xml file
<Connector port="8004" protocol="org.apache.coyote.http11.Http11NioProtocol"
SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
clientAuth="false" defaultSSLHostConfigName="xxxxx">
<SSLHostConfig hostName="xxxxx" protocols="TLSv1.2"
ciphers="SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_256_GCM_SHA384" > <Certificate
certificateKeystoreFile="D:\apps\tomcat\certs\xxxxx.jks"
certificateKeystorePassword="xxxxx" type="RSA" />
Thanks,
Saicharan Burle
-----Original Message-----
From: Thomas Hoffmann (Speed4Trade GmbH)
<thomas.hoffm...@speed4trade.com.INVALID>
Sent: Monday, September 5, 2022 5:56 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: AW: Issue with SSL connector in tomcat 10.0.23
Hello,
> -----Ursprüngliche Nachricht-----
> Von: saicharan.bu...@wellsfargo.com.INVALID
> <saicharan.bu...@wellsfargo.com.INVALID>
> Gesendet: Montag, 5. September 2022 14:11
> An: users@tomcat.apache.org
> Betreff: Issue with SSL connector in tomcat 10.0.23
>
> Hi Team,
>
> We are facing issues with the Tomcat 10.0.23 version while starting as
> it's not accepting few of the SSL parameters. PFB error message
>
> 05-Sep-2022 04:51:01.144 SEVERE [main]
> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed
> to initialize component [Connector[HTTP/1.1-8004]]
> org.apache.catalina.LifecycleException: Protocol
> handler initialization failed
> at
> org.apache.catalina.connector.Connector.initInternal(Connector.java:1055)
> at
> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> at
> org.apache.catalina.core.StandardService.initInternal(StandardService.
> java:556
> )
> at
> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> at
> org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1045)
> at
> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> at
> org.apache.catalina.startup.Catalina.load(Catalina.java:747)
> at
> org.apache.catalina.startup.Catalina.load(Catalina.java:769)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
> 62)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orI
> mpl.java:43)
> at
> java.lang.reflect.Method.invoke(Method.java:498)
> at
> org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
> at
> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
> Caused by: java.lang.IllegalArgumentException: No
> SSLHostConfig element was found with the hostName [_default_] to match
> the defaultSSLHostConfigName for the connector [https-jsse-nio-8004]
> at
> org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(Abstract
> JsseEndpoi
> nt.java:76)
> at
> org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:206)
> at
> org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEn
> dpoin
> t.java:1192)
> at
> org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1205)
> at
> org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:580)
> at
> org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Pro
> tocol.j
> ava:82)
> at
> org.apache.catalina.connector.Connector.initInternal(Connector.java:1052)
> ... 13 more
>
> Also, We are seeing some warning messages below:
>
> 05-Sep-2022 04:51:00.733 WARNING [main]
> org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> [Server/Service/Connector] failed to set property [sslProtocol] to
> [TLS]
> 05-Sep-2022 04:51:00.733 WARNING [main]
> org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> [Server/Service/Connector] failed to set property
> [sslEnabledProtocols] to [TLSv1.2]
> 05-Sep-2022 04:51:00.733 WARNING [main]
> org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> [Server/Service/Connector] failed to set property [ciphers] to
> [SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,
> TLS_RSA_WITH_AES_128_CBC_SHA256,
> TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,
> TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384]
>
>
> Regards,
> Saicharan Burle
The error message / stack contains the relevant information:
The SSLHostConfig element is missing in your server.xml , see example and
documentation here:
https://urldefense.com/v3/__https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html__;!!F9svGWnIaVPGSwU!rsDRG3kDTM6T-vUZGUT_gMmz77ubkv-rS7DqfghFB4CIqzaqDP4OnrwxC45q1tk2iZhrbDUZzOU7xgyE19QXFnny1Baxd4_hkKaTdW0VFlEHAQ$
The property sslProtocol is not valid in the element "Connector"
The property sslEnabledProtocols is not valid for the element "Connector"
If you have upgraded tomcat, some attributes and elements have changed when
using SSL / HTTPS.
Greetings,
Thomas
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
