On 07/07/2016 19:49, Mekkelsen Madden, Steve wrote:
> This was reproduced in dev, staging, testqa on multiple servers.  Yes, the 
> response shown is JSON which is puzzling since that only appears when using 
> NIO2.  That's why there is so much confusion on this.  At the end of the day, 
> I simply deployed Tomcat 8.5.3x64 Windows to each server and migrated all the 
> settings from 8.0.32 to 8.5.3 respectively in the context.xml, server.xml, 
> tomcat-users.xml and web.xml.  The biggest change in 8.5.3 was the 
> significant differences in SSL/TLS configuration required to get Tomcat to 
> even start up properly.  I'm referring specifically to the connector arguments 
> that have changed.  As an example (noting that this works with NIO, but not 
> as shown with NIO2):
> ***We used to have:***
>     <Connector port="8443"
>                protocol="org.apache.coyote.http11.Http11Nio2Protocol"
>                maxThreads="10" minSpareThreads="5" acceptCount="100"
>                connectionTimeout="60000" disableUploadTimeout="true"
>                clientAuth="false" secure="true" scheme="https"
>                SSLEnabled="true" sslProtocol="TLS"
>                sslEnabledProtocols="TLSv1.1,TLSv1.2"
>                keystoreFile="D:\certificates\ourJKS.keystore"
>                keystorePass="******" />
>     <!-- Define an AJP 1.3 Connector on port 8009 -->
>     <Connector port="8019" protocol="AJP/1.3" redirectPort="8443" />
> 
> ***Now changed with 8.5.3 settings:***
>     <Connector port="8443"
>                protocol="org.apache.coyote.http11.Http11Nio2Protocol"
>                maxThreads="150" disableUploadTimeout="true"
>                SSLEnabled="true"
>                sslDefaultHost="ourServer.com">
>         <SSLHostConfig hostName="ourServer.com">
>             <Certificate certificateKeystoreFile="D:\certificates\ourJKS.keystore"
>                          certificateKeystorePassword="******"
>                          certificateKeyAlias="ourAlias"
>                          type="RSA"/>
>         </SSLHostConfig>
>     </Connector>
>     <!-- Define an AJP 1.3 Connector on port 8009 -->
>     <Connector port="8019" protocol="AJP/1.3" redirectPort="8443" />
> 
> Am I missing something here?  Has anyone else tried to do the same with NIO2 
> protocol and it worked? :-)

Tomcat 8.5.x should work with an 8.0.x TLS configuration as long as there
is only one TLS virtual host (Tomcat will auto-convert everything on the
fly).

I don't recall anything like this previously. If you can provide the
simplest possible test case that demonstrates it, open a Bugzilla issue,
attach the test case and someone will take a look.

There is a major connector refactoring between 8.0.x and 8.5.x but
generally I'd expect things to be better as there is less code
duplication and better consistency of behaviour for numerous edge cases
in 8.5.x compared to 8.0.x.

Mark
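
An added example, not part of the thread or of Tomcat: a small check of which TLS settings on the 8.0-style Connector have no counterpart in the hand-migrated 8.5-style one. The two connectors are the ones posted above, abridged to their TLS-relevant attributes; the function name and the attribute map are this example's own, and the check says nothing about the NIO2 behaviour being discussed.

```python
import xml.etree.ElementTree as ET

# Tomcat 8.0 Connector TLS attribute -> (8.5 element, 8.5 attribute)
LEGACY_TO_85 = {
    "sslEnabledProtocols": ("SSLHostConfig", "protocols"),
    "sslProtocol": ("SSLHostConfig", "sslProtocol"),
    "ciphers": ("SSLHostConfig", "ciphers"),
    "clientAuth": ("SSLHostConfig", "certificateVerification"),
    "keystoreFile": ("Certificate", "certificateKeystoreFile"),
    "keystorePass": ("Certificate", "certificateKeystorePassword"),
    "keyAlias": ("Certificate", "certificateKeyAlias"),
}
# Legacy values that equal the default, so omitting them changes nothing
DEFAULTS = {"clientAuth": "false", "sslProtocol": "TLS"}

# Connectors as posted in the thread (password already masked there)
OLD_CONNECTOR = r"""<Connector port="8443"
    protocol="org.apache.coyote.http11.Http11Nio2Protocol" clientAuth="false"
    secure="true" scheme="https" SSLEnabled="true" sslProtocol="TLS"
    sslEnabledProtocols="TLSv1.1,TLSv1.2"
    keystoreFile="D:\certificates\ourJKS.keystore" keystorePass="******" />"""
NEW_CONNECTOR = r"""<Connector port="8443"
    protocol="org.apache.coyote.http11.Http11Nio2Protocol" SSLEnabled="true"
    sslDefaultHost="ourServer.com">
  <SSLHostConfig hostName="ourServer.com">
    <Certificate certificateKeystoreFile="D:\certificates\ourJKS.keystore"
        certificateKeystorePassword="******" certificateKeyAlias="ourAlias"
        type="RSA"/>
  </SSLHostConfig>
</Connector>"""

def dropped_tls_settings(old_xml, new_xml):
    """Return {legacy_attr: old_value} for non-default TLS settings on the
    8.0-style Connector that the 8.5-style Connector does not carry."""
    old, new = ET.fromstring(old_xml), ET.fromstring(new_xml)
    missing = {}
    for legacy, (tag, attr) in LEGACY_TO_85.items():
        value = old.attrib.get(legacy)
        if value is None or DEFAULTS.get(legacy) == value:
            continue
        # Accept the nested 8.5 attribute or the legacy one kept on Connector
        nested = any(attr in el.attrib for el in new.iter(tag))
        if not nested and legacy not in new.attrib:
            missing[legacy] = value
    return missing

if __name__ == "__main__":
    for name, value in dropped_tls_settings(OLD_CONNECTOR, NEW_CONNECTOR).items():
        print(f"not migrated: {name}={value!r} -> set {LEGACY_TO_85[name]}")
```

A setting reported here falls back to the SSLHostConfig default in 8.5.x; for the protocol list, setting `protocols` on the SSLHostConfig element restores the restriction.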

