Hello Saicharan, > -----Ursprüngliche Nachricht----- > Von: saicharan.bu...@wellsfargo.com.INVALID > <saicharan.bu...@wellsfargo.com.INVALID> > Gesendet: Montag, 5. September 2022 15:37 > An: users@tomcat.apache.org > Betreff: RE: Issue with SSL connector in tomcat 10.0.23 > > Thanks Thomas, > > Now that we don't see the error but seeing one warning message for below: > > WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin > Match [Server/Service/Connector] failed to set property [clientAuth] to > [false] > > I don't find any equivalent attribute for clientAuth in the documentation. > > PFB snippet of our server.xml file > > <Connector port="8004" > protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" > maxThreads="150" scheme="https" secure="true" clientAuth="false" > defaultSSLHostConfigName="xxxxx"> > <SSLHostConfig hostName="xxxxx" protocols="TLSv1.2" > ciphers="SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_ > SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, > TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, > TLS_RSA_WITH_AES_256_CBC_SHA256, > TLS_RSA_WITH_AES_256_GCM_SHA384" > <Certificate > certificateKeystoreFile="D:\apps\tomcat\certs\xxxxx.jks" > certificateKeystorePassword="xxxxx" type="RSA" /> > > Thanks, > Saicharan Burle
Just remove the clientAuth Attribute. Default value is false anyway and it is only used for client certificates which is rarely used. > -----Original Message----- > From: Thomas Hoffmann (Speed4Trade GmbH) > <thomas.hoffm...@speed4trade.com.INVALID> > Sent: Monday, September 5, 2022 5:56 PM > To: Tomcat Users List <users@tomcat.apache.org> > Subject: AW: Issue with SSL connector in tomcat 10.0.23 > > Hello, > > > -----Ursprüngliche Nachricht----- > > Von: saicharan.bu...@wellsfargo.com.INVALID > > <saicharan.bu...@wellsfargo.com.INVALID> > > Gesendet: Montag, 5. September 2022 14:11 > > An: users@tomcat.apache.org > > Betreff: Issue with SSL connector in tomcat 10.0.23 > > > > Hi Team, > > > > We are facing issues with the Tomcat 10.0.23 version while starting as > > it's not accepting few of the SSL parameters. PFB error message > > > > 05-Sep-2022 04:51:01.144 SEVERE [main] > > org.apache.catalina.util.LifecycleBase.handleSubClassException Failed > > to initialize component [Connector[HTTP/1.1-8004]] > > org.apache.catalina.LifecycleException: Protocol > > handler initialization failed > > at > > org.apache.catalina.connector.Connector.initInternal(Connector.java:1055) > > at > > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) > > at > > org.apache.catalina.core.StandardService.initInternal(StandardService. > > java:556 > > ) > > at > > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) > > at > > > org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1045) > > at > > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) > > at > > org.apache.catalina.startup.Catalina.load(Catalina.java:747) > > at > > org.apache.catalina.startup.Catalina.load(Catalina.java:769) > > at > > sun.reflect.NativeMethodAccessorImpl.invoke0(Native > > Method) > > at > > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java: > > 62) > > at > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess > > orI > > mpl.java:43) > > at > > java.lang.reflect.Method.invoke(Method.java:498) > > at > > org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305) > > at > > org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475) > > Caused by: java.lang.IllegalArgumentException: No > > SSLHostConfig element was found with the hostName [_default_] to match > > the defaultSSLHostConfigName for the connector [https-jsse-nio-8004] > > at > > org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(Abstract > > JsseEndpoi > > nt.java:76) > > at > > org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:206) > > at > > org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEn > > dpoin > > t.java:1192) > > at > > org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1205) > > at > > org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:580) > > at > > org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Pro > > tocol.j > > ava:82) > > at > > org.apache.catalina.connector.Connector.initInternal(Connector.java:1052) > > ... 13 more > > > > Also, We are seeing some warning messages below: > > > > 05-Sep-2022 04:51:00.733 WARNING [main] > > org.apache.tomcat.util.digester.SetPropertiesRule.begin Match > > [Server/Service/Connector] failed to set property [sslProtocol] to > > [TLS] > > 05-Sep-2022 04:51:00.733 WARNING [main] > > org.apache.tomcat.util.digester.SetPropertiesRule.begin Match > > [Server/Service/Connector] failed to set property > > [sslEnabledProtocols] to [TLSv1.2] > > 05-Sep-2022 04:51:00.733 WARNING [main] > > org.apache.tomcat.util.digester.SetPropertiesRule.begin Match > > [Server/Service/Connector] failed to set property [ciphers] to > > [SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA, > > TLS_RSA_WITH_AES_128_CBC_SHA256, > > TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, > > TLS_RSA_WITH_AES_256_CBC_SHA256, > TLS_RSA_WITH_AES_256_GCM_SHA384] > > > > > > Regards, > > Saicharan Burle > > The error message / stack contains the relevant information: > The SSLHostConfig element is missing in your server.xml , see example and > documentation here: > https://urldefense.com/v3/__https://tomcat.apache.org/tomcat-9.0-doc/ssl- > howto.html__;!!F9svGWnIaVPGSwU!rsDRG3kDTM6T-vUZGUT_gMmz77ubkv- > rS7DqfghFB4CIqzaqDP4OnrwxC45q1tk2iZhrbDUZzOU7xgyE19QXFnny1Baxd4_h > kKaTdW0VFlEHAQ$ > The property sslProtocol is not valid in the element "Connector" > The property sslEnabledProtocols is not valid for the element "Connector" > > If you have upgraded tomcat, some attributes and elements have changed > when using SSL / HTTPS. > > Greetings, > Thomas > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
