-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Neha,
On 6/5/17 6:14 PM, Neha Munjal wrote: > We could finally mange through this. Somehow, the SSLEngine > attribute was set as "off" in the AprLifecycleListener which did > not allow OpenSSL implementation to work. > > This is resolved now. Would you please log this as a bug in BZ? https://bz.apache.org/bugzilla/enter_bug.cgi?product=Tomcat%209 If the SSL engine is off, it shouldn't crash the JVM. :) - -chris > On Mon, Jun 5, 2017 at 1:27 PM, Neha Munjal > <neha.munj...@gmail.com> wrote: > >> Hi, >> >> We tried the following configuration, but it still fails with the >> same error: >> >> <Connector port="8443" address=xxxx >> protocol="org.apache.coyote.http11.Http11NioProtocol" >> SSLEnabled="true" maxThreads="150" keyAlias="interact7-priv" >> scheme="https" secure="true" clientAuth="false" >> sslProtocol="TLS"> <SSLHostConfig hostName=xxxx> <Certificate >> certificateKeyAlias=xxx certificateKeystoreFile=xxxx >> certificateKeystorePassword=xxxxx /> </SSLHostConfig> >> </Connector> >> >> Thanks Neha >> >> On Mon, Jun 5, 2017 at 11:53 AM, Hassan Khan >> <hassankhan...@gmail.com> wrote: >> >>> Hi, >>> >>> we had a different problem with Nio : <Connector port="443" >>> protocol="org.apache.coyote.ht tp11.Http11NioProtocol" ====> >>> Non-blocking connector maxThreads="200" SSLEnabled="true" >>> compression="on" minSpareThreads="25" maxSpareThreads="75" >>> enableLookups="false" connectionTimeout="-1" scheme="https" >>> secure="true"> >>> >>> <SSLHostConfig honorCipherOrder="false" > <Certificate >>> certificateKeystoreFile="XXX" >>> certificateKeystorePassword="XXX" >>> certificateKeyAlias="localhost" type="RSA" /> </SSLHostConfig> >>> </Connector> >>> >>> so we changed to APR as below and everything worked great : >>> <Connector >>> protocol="org.apache.coyote.http11.Http11AprProtocol" >>> port="443" clientAuth="false" sslProtocol="TLS" >>> SSLEnabled="true" maxThreads="150" scheme="https" >>> secure="true" SSLCertificateFile="ABC.crt" >>> SSLCertificateKeyFile="TRE.key" SSLEngine="on" >>> SSLVerifyDepth="2" /> >>> >>> But your may be different issue... >>> >>> Thanks Hassan >>> >>> On Mon, Jun 5, 2017 at 1:30 PM, Neha Munjal >>> <neha.munj...@gmail.com> wrote: >>> >>>> Hi Chris, >>>> >>>> Please find below our Connector information: >>>> >>>> <Connector port="8443" >>>> >>>> address=xxxxxxxxxx >>>> >>>> protocol="org.apache.coyote.http11.Http11NioProtocol" >>>> >>>> SSLEnabled="true" >>>> >>>> maxThreads="150" >>>> >>>> keyAlias=xxxxxxxxx >>>> >>>> keystoreFile=xxxxxxxxxx keystorePass=xxxxxxxxx >>>> >>>> scheme="https" >>>> >>>> secure="true" >>>> >>>> clientAuth="false" >>>> >>>> sslProtocol="TLS" /> >>>> >>>> >>>> Also found this link that talks about different SSL >>>> implementations >>> that we >>>> can configure: >>>> >>>> >>>> https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html >>>> >>>> >>>> Our installation uses APR and we have openssl102 installed. I >>>> think the connector configuration requires changes. >>>> >>>> >>>> Thanks >>>> >>>> Neha >>>> >>>> >>>> >>>> On Mon, Jun 5, 2017 at 7:58 AM, Christopher Schultz < >>>> ch...@christopherschultz.net> wrote: >>>> > > > Neha, > > On 6/2/17 5:36 PM, Neha Munjal wrote: >>>>>>> We have been trying to start Apache Tomcat 8.5.14 (JDK >>>>>>> version > 8.0_121-b13) >>>>>>> and land into the following error: >>>>>>> >>>>>>> # >>>>>>> >>>>>>> # A fatal error has been detected by the Java Runtime >>>>>>> Environment: # # SIGSEGV (0xb) at >>>>>>> pc=0x00007fafaa9ad123, pid=590, > tid=0x00007fb095cdc700 >>>>>>> # # JRE version: Java(TM) SE Runtime Environment >>>>>>> (8.0_121-b13) (build 1.8.0_121-b13) >>>>>>> >>>>>>> # Java VM: Java HotSpot(TM) 64-Bit Server VM >>>>>>> (25.121-b13 mixed mode linux-amd64 compressed oops) >>>>>>> >>>>>>> # Problematic frame: >>>>>>> >>>>>>> # C [libapr-1.so.0+0x25123] >>>>>>> apr_threadkey_private_set+0x3 > > > Hmm... I've not seen this one before. > > Can you please post your <Connector> configuration (with any > secrets removed)? > > -chris > >>>>> >>>>> ------------------------------------------------------------------ - --- >>>>> >>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>>> For additional commands, e-mail: >>>>> users-h...@tomcat.apache.org >>>>> >>>>> >>>> >>> >>> >>> >>> -- Hassan Khan >>> >> >> > -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJZNrXJAAoJEBzwKT+lPKRYIlsQALFAQbZ90SSMKnPAzQPlZTnF oS+c6FNWEn66+QZ015+r58UI7ouEVkihtHP1DuoV+jvifRO2bmdTRC3rsaumYej+ yDwRZB/2bGpP1HdJKbV2P1RMuz56r0HP2X+Myct1mElTVDO68A9ryU8lASXLv15q prhx7ESCjJ7d5ycpQhgPg7gdxGt+4cvMYJUYnh3G6Sx02Hj63IYXmjhwC5RwLoj8 2dJCVPxlKt5tfdjbtI+8Fwrb27cg5c+OmOkg1j1siRZB+kNAiXSWKipeK+UcTR6z wG6y/vdcMcW0ZYHxhE7AiAGYuBfwl9GNrI6aB31DKHsQAeSgokpLPmxmznVRfnas 783QSSZPQDbWI/Rr5bFuhVCawZtG6QHa56VfLpuR4CI5dIXi4cuq1e5r5/VfBIgd Ju0s1IKnR5wqhFdGn9QsGRcz7Qa42ZzHgRynmII38kPuG+l2L16GhC4KISVmiOes yT/W1NFvZKG1qZDzGXu1So2zJlYF+TFCzpqpuPbKezXY8DanbwXDDc3uJHZpTWGx IhjH/BPF2uvmAAhhnk4JtqR8PMQ4NG4uZzqIa1+7aAGZXMj5gXv+eEvjBV5MSuK7 uQ++/MugvXBZj5nCaQQOFZFhbyjqb0kyTiQORCyBuYri1uY08rC96e+GCW0FG0Cy tpSfCgZKjpVstH/CgqH3 =GH3I -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
