Am 15.04.2016 um 19:37 schrieb Michael Fox:
I am running Red Hat Linux version 7.2, Apache version 2.4.6, Java JDK
1.8.0_65, Tomcat version 9.0.0.M1, Tomcat connector version 1.2.5, and have
uncommented the HTTP/2 Connector lines in the Tomcat server.xml file. When I
run the configure command for the Tomcat connector, I get the message:
checking OpenSSL library version >= 1.0.2...
Found OPENSSL_VERSION_NUMBER 0x1000105f (OpenSSL 1.0.1e 11 Feb 2013)
Require OPENSSL_VERSION_NUMBER 0x1000200f or greater (1.0.2)
Per Red Hat (https://access.redhat.com/articles/1384453), they consider OpenSSL
version 1.0.2 to have security issues, and so are not issuing that version.
You misunderstood that text. Version 1.0.2 had security issues, which
where fixed by 1.0.2a. So the current patch level of 1.0.2, which is
1.0.2g has no known security issues.
tcnative starting with version 1.2.0 no longer supports OpenSSL older
than 1.0.2. So no support for 0.9.8, 1.0.0 and 1.0.1. You need to build
tcnative 1.2.x against OpenSSL 1.0.2 preferably against 1.0.2g.
The symbol SSL_CTX_set_alpn_select_cb only exists in 1.0.2 and newer.
Regards,
Rainer
To be able to configure and make the tcnative library, I run the configure
command as such:
./configure --with-apr=/usr/bin/apr-1-config --with-java-home=$JAVA_HOME
--prefix=$CATALINA_HOME --disable-openssl-version-check --with-ssl=yes
I am able to make and install the library, but when I run the Tomcat configtest
I get:
INFO: Initializing ProtocolHandler ["https-apr-8443"]
/usr/java/jdk1.8.0_65/bin/java: symbol lookup error:
/home/tomcat/apache-tomcat-9.0.0.M1-src/output/build/lib/libtcnative-1.so.0.2.5:
undefined symbol: SSL_CTX_set_alpn_select_cb
Configuration error detected!
Is there a way to get around or define this symbol?
Should I investigate the use of older versions of Tomcat, Java, and Tomcat
connector?
Should I not use APR with Tomcat (and then use HTTP/1.1)?
Should I abandon the RedHat Apache software and use the latest Apache from
apache.org?
Thanks,
Mike
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org