Re: Need help on SSL problem on new server after move from existing server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, On 10/11/2011 5:51 PM, Caldarale, Charles R wrote: >> From: Christopher Schultz [mailto:ch...@christopherschultz.net] >> Subject: Re: Need help on SSL problem on new server after move >> from existing server > >>> minSpareThreads="25" maxSpareThreads="75" > >> You might want to consider using an > > Not might, must: those attributes do not exist in the 6.0 or later > , but are available with an . I should have been more clear: use of an is not a requirement in 6.0+, but if you want your thread pool to actually re-size, you will have to use : those attributes specifically are no longer recognized. They should be generating warnings in your startup logs. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6Uu3cACgkQ9CaO5/Lv0PDJnwCfSguZoVGfbAQIsWA7KbQMFRuM Qu4Anit2WM4A3x4BexheYe0DqgVXPZvN =FqME -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Need help on SSL problem on new server after move from existing server
> From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Subject: Re: Need help on SSL problem on new server after move from existing > server > > There is no "debug" attribute on the element > any longer. Nor was it there in Tomcat 5.5, so that makes me suspicious of the whole server.xml... Yet another case of blind upgrading without reading the doc for the target level. > > maxHttpHeaderSize="8192" That's the default setting, so it could be removed. > > tcpNoDelay="true" That's also the default. > > minSpareThreads="25" maxSpareThreads="75" > You might want to consider using an Not might, must: those attributes do not exist in the 6.0 or later , but are available with an . - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Re: Need help on SSL problem on new server after move from existing server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rob, Goad to see you got your new server working. I do have some further comments if you're still around: On 10/11/2011 1:23 PM, Rob Tanner wrote: > I installed Tomcat 6.0.29 If you were upgrading from 5.5 to something else, why not go up to 6.0.33, which is the latest? Or, even better, why not upgrade all the way to 7.0.22? > Then I modified server.xml to include the various contexts from the > old server If possible, you should take your elements from server.xml and put them into the individual webapps' META-INF/context.xml files. This will make deploying and undeploying webapps much easier. If you want to override the META-INF/context.xml file packaged with a webapp (say, because you have to add local configuration that your developers don't know about), you can do so by putting the correct file into $CATALINA_BASE/conf/[engine]/[host]/[webapp].xml and it will override the descriptor from the webapp. > As far as I know, all the SSL configuration on the server is > contained within the connector definition, included below: > > element any longer. You should remove it. > maxHttpHeaderSize="8192" enableLookups="false" tcpNoDelay="true" > maxThreads="150" minSpareThreads="25" maxSpareThreads="75" You might want to consider using an : they are more flexible, and the thread pools can be shared across s if you want to do that (and you probably do if you have multiple connectors). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6UthcACgkQ9CaO5/Lv0PCerwCeMzVLB2CRlkfRHnO1Z42Pt1gQ QaAAoLUEFMVqYBy2Vd65YERFxav5xSnU =Lpx8 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Need help on SSL problem on new server after move from existing server
That was a simple enough fix. Thank you. ~ Rob On 10/11/11 10:31 AM, "Mark Thomas" wrote: >On 11/10/2011 18:23, Rob Tanner wrote: >> Hi, >> >> After moving to a new server, I am getting the error: SSL received a >>record that exceeded the maximum permissible length. >> >> I installed Tomcat 6.0.29 on a new machine and copied over the webapps >>folder and the keystore from the old 5.5.23 machine. Then I modified >>server.xml to include the various contexts from the old server as well >>as the port 80 and port 443 connectors and also changed the keystore >>path for the port 443 SSL connector so it was pointing to the keystore. >> >> As far as I know, all the SSL configuration on the server is contained >>within the connector definition, included below: >> >> > maxHttpHeaderSize="8192" enableLookups="false" tcpNoDelay="true" >> maxThreads="150" minSpareThreads="25" maxSpareThreads="75" >> acceptCount="100" connectionTimeout="2" >>disableUploadTimeout="true" >> keystoreFile="/usr/local/java/keystore2010" >>keystorePass="xx" >> scheme="https" secure="true" clientAuth="false" >>sslProtocol="TLS" /> >> >> This connector works perfectly with Tomcat 5.5.23. Are there changes >>need for 6.0.29? > >Yes. > >> Any ideas about what's going on? > >http://tomcat.apache.org/migration.html#Migrating_from_5.5.x_to_6.0.x > >Mark > >- >To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Need help on SSL problem on new server after move from existing server
On 11/10/2011 18:23, Rob Tanner wrote: > Hi, > > After moving to a new server, I am getting the error: SSL received a record > that exceeded the maximum permissible length. > > I installed Tomcat 6.0.29 on a new machine and copied over the webapps folder > and the keystore from the old 5.5.23 machine. Then I modified server.xml to > include the various contexts from the old server as well as the port 80 and > port 443 connectors and also changed the keystore path for the port 443 SSL > connector so it was pointing to the keystore. > > As far as I know, all the SSL configuration on the server is contained within > the connector definition, included below: > > maxHttpHeaderSize="8192" enableLookups="false" tcpNoDelay="true" > maxThreads="150" minSpareThreads="25" maxSpareThreads="75" > acceptCount="100" connectionTimeout="2" > disableUploadTimeout="true" > keystoreFile="/usr/local/java/keystore2010" keystorePass="xx" > scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" /> > > This connector works perfectly with Tomcat 5.5.23. Are there changes need > for 6.0.29? Yes. > Any ideas about what's going on? http://tomcat.apache.org/migration.html#Migrating_from_5.5.x_to_6.0.x Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Need help on SSL problem on new server after move from existing server
Hi, After moving to a new server, I am getting the error: SSL received a record that exceeded the maximum permissible length. I installed Tomcat 6.0.29 on a new machine and copied over the webapps folder and the keystore from the old 5.5.23 machine. Then I modified server.xml to include the various contexts from the old server as well as the port 80 and port 443 connectors and also changed the keystore path for the port 443 SSL connector so it was pointing to the keystore. As far as I know, all the SSL configuration on the server is contained within the connector definition, included below: This connector works perfectly with Tomcat 5.5.23. Are there changes need for 6.0.29? Any ideas about what's going on? Thanks, Rob Tanner Linfield College
