On 05/09/2022 14:37, saicharan.bu...@wellsfargo.com.INVALID wrote:
Thanks Thomas,
Now that we don't see the error but seeing one warning message for below:
WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
[Server/Service/Connector] failed to set property [clientAuth] to [false]
I don't find any equivalent attribute for clientAuth in the documentation.
It is certificateVerification on the Connector.
Mark
PFB snippet of our server.xml file
<Connector port="8004" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" maxThreads="150"
scheme="https" secure="true" clientAuth="false" defaultSSLHostConfigName="xxxxx">
<SSLHostConfig hostName="xxxxx" protocols="TLSv1.2"
ciphers="SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384" > <Certificate
certificateKeystoreFile="D:\apps\tomcat\certs\xxxxx.jks" certificateKeystorePassword="xxxxx" type="RSA" />
Thanks,
Saicharan Burle
-----Original Message-----
From: Thomas Hoffmann (Speed4Trade GmbH)
<thomas.hoffm...@speed4trade.com.INVALID>
Sent: Monday, September 5, 2022 5:56 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: AW: Issue with SSL connector in tomcat 10.0.23
Hello,
-----Ursprüngliche Nachricht-----
Von: saicharan.bu...@wellsfargo.com.INVALID
<saicharan.bu...@wellsfargo.com.INVALID>
Gesendet: Montag, 5. September 2022 14:11
An: users@tomcat.apache.org
Betreff: Issue with SSL connector in tomcat 10.0.23
Hi Team,
We are facing issues with the Tomcat 10.0.23 version while starting as
it's not accepting few of the SSL parameters. PFB error message
05-Sep-2022 04:51:01.144 SEVERE [main]
org.apache.catalina.util.LifecycleBase.handleSubClassException Failed
to initialize component [Connector[HTTP/1.1-8004]]
org.apache.catalina.LifecycleException: Protocol
handler initialization failed
at
org.apache.catalina.connector.Connector.initInternal(Connector.java:1055)
at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at
org.apache.catalina.core.StandardService.initInternal(StandardService.
java:556
)
at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1045)
at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at
org.apache.catalina.startup.Catalina.load(Catalina.java:747)
at
org.apache.catalina.startup.Catalina.load(Catalina.java:769)
at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
orI
mpl.java:43)
at
java.lang.reflect.Method.invoke(Method.java:498)
at
org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
at
org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
Caused by: java.lang.IllegalArgumentException: No
SSLHostConfig element was found with the hostName [_default_] to match
the defaultSSLHostConfigName for the connector [https-jsse-nio-8004]
at
org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(Abstract
JsseEndpoi
nt.java:76)
at
org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:206)
at
org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEn
dpoin
t.java:1192)
at
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1205)
at
org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:580)
at
org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Pro
tocol.j
ava:82)
at
org.apache.catalina.connector.Connector.initInternal(Connector.java:1052)
... 13 more
Also, We are seeing some warning messages below:
05-Sep-2022 04:51:00.733 WARNING [main]
org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
[Server/Service/Connector] failed to set property [sslProtocol] to
[TLS]
05-Sep-2022 04:51:00.733 WARNING [main]
org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
[Server/Service/Connector] failed to set property
[sslEnabledProtocols] to [TLSv1.2]
05-Sep-2022 04:51:00.733 WARNING [main]
org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
[Server/Service/Connector] failed to set property [ciphers] to
[SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384]
Regards,
Saicharan Burle
The error message / stack contains the relevant information:
The SSLHostConfig element is missing in your server.xml , see example and
documentation here:
https://urldefense.com/v3/__https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html__;!!F9svGWnIaVPGSwU!rsDRG3kDTM6T-vUZGUT_gMmz77ubkv-rS7DqfghFB4CIqzaqDP4OnrwxC45q1tk2iZhrbDUZzOU7xgyE19QXFnny1Baxd4_hkKaTdW0VFlEHAQ$
The property sslProtocol is not valid in the element "Connector"
The property sslEnabledProtocols is not valid for the element "Connector"
If you have upgraded tomcat, some attributes and elements have changed when
using SSL / HTTPS.
Greetings,
Thomas
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
